In a competitive environment, competing businesses try to outclass, outbid, outshine and outperform the each other. Nowhere is this more prevalent than in the financial services sector where competition is fierce and product differentiation is virtually non-existence. Time-to-market advantage is all but useless as copycats can deliver better offerings in a matter of weeks. In such a highly competitive environment, the best strategy is to compete against oneself. For by trying to outdo a known benchmark (your own), realistic goals can be set and performance targets achieve.
Until recent years business managers assessed the performance of their enterprises by seeing if the planned strategies are being met and the targets exceeded. The perennial challenge has been to drive strategy down and across the entire enterprise, transform strategies into actionable metrics and deciphering what the numbers mean in the hope of making profitable decisions.
Business managers are looking for ways to measure the performance of products and services to determine which ones can generate the most profit. They want to measure the performance of business units to determine where they should invest for growth. They want to measure the performance of customers to identify lucrative demographics. They want to measure who are contributing to the company's success, who need retraining, and who need to go.
Within the financial services industry performance measurement is a major challenge. Factors such as risk and cost of capital must be factored into profitable calculations. Selling costs are often difficult to capture.
What is needed is a method that allows a systematic, integrated approach that links enterprise strategy to core processes and activities. "Running by the numbers" now means something as planning, budgeting, analysis and reporting can give the measurements that empower management decisions. Corporate Performance Management or CPM is one such method.
Gartner defines CPM as the processes, methodology, metrics, and technologies that enable an enterprise to manage the performance of its business. Although most companies probably have systems or applications that fit into that definition, many are just starting to look at the broader, corporate-strategy-oriented benefits that most analysts believe CPM can deliver.
CPM is really about tying together the strategic initiatives of a company and being able to dynamically drill down into tactical execution plans and data that are coming from operational systems. "Companies may start with a specific need, such as a balanced scorecard or business planning, but ultimately they should choose a solution that can be part of a larger strategy and a larger vision," says John Van Decker, senior vice president of META Group.
Implementing business performance management is not like simply buying applications and suddenly having business performance management capabilities. It's really part of a business process to be able to more dynamically forecast and make changes to your enterprise plan at the highest level and then have those changes filter down into the organization, getting the results into the hands of the managers who influence business on a daily basis.
But CPM is more than technology. It often requires significant cultural change -- from how people share information to what actions and behaviors employees take, based on performance metrics or business results.
Finally, CPM is more than just about measuring performance. Distinction should be made between performance measurement and performance management. A measurement is a static indicator. However, such measurements are not enough on their own to manage a sales strategy, which requires a combination of controls, discrete and continuous indicators, plans, targets, and tactical decisions. Enterprises should watch for solutions that are no more than measurement tools and do little else.
Because CPM combines the elements of business intelligence with those of planning, budgeting, and appropriate-time monitoring, integration with an organization's existing IT assets is important. CPM solutions are often required to work alongside competing offerings and support other elements of CPM in a best-of-breed approach. The goal is to have a flexible CPM architecture that allows the organization to introduce and adapt to new elements of IT infrastructure easily.
Case Study
On any given month the management at Amalgamated Bank of South Africa (ABSA) Group would sift through more than 1200 reports to make business decisions. What's more, no one was clear how much of the information contained in those reports was actionable. Management needed to make sure their investments in creating information actually help managers make better business decisions.
ABSA completely overhauled its approach to business intelligence and performance analysis. A standardized approach was developed and implemented throughout the organization under one technology platform. Classic Kaplan and Norton balance scorecard principles were applied to all business units. To guarantee everyone had access to the system, a Web-based user interface was chosen. To ensure everyone fully co-operates with the implementation, successes at each business unit was conveyed to everyone.
Savings followed quickly as ABSA terminated fragmented projects. The CPM projected quickly identified systems and processes that were leaking performance and resulting in lost opportunities. More importantly, counter measures were implemented to repair these situations.
At ABSA, we learned to aim for early delivery of tangible results, and use those benefits to drive broader support (making sure to avoid the hard sell approach). Finally, to make sure that the metrics are relevant to managerial decision making.
Another CPM story is Union Bank of California. Clear recognition that summary-level data was insufficient to support tactical and strategic decision making in a competitive environment forced the bank to re-evaluate its reporting mechanism. The two-phase CPM project entailed the building of a detailed data capture-end-report mechanism and placement of consistent metrics across the enterprise. This enabled the bank to precisely measure profitability and ensured same statements were reconciled with the general ledger system. Managers were then able to compare actual budgets against projections. The second phase saw pro rata cost allocation replaced with more granular activity-based costing. This enabled the bank to do precision segmentation.
Not the end of the story
Having successfully implemented a CPM doesn't guarantee success altogether. You need to continually evaluate the CPM against set expectations which are dynamically reset to higher goals at every milestone, taking into account marketplace volatility, product proliferation and competitive pressures.
Companies with best-in-class CPM processes and technologies focus more on improving new product introduction strategies and processes, and relatively less on cost-centric value chain strategy pressures than their competitors.
Aberdeen Group lists the following as essential takeaways
Analyze performance from the profit impact across the value chain and not by functional silo; this requires access to financial and operating data at a customer/product/channel/market level of granularity
Identify the root cause of performance variances through better business data analysis -- the real cause of a shortfall is rarely where the impact is measured
Institute a continuous learning environment with a closed loop decision process to inject findings into the company's future decision making process
Support end user access to decision data and "what if" simulation tools in an 'on demand' environment
Pay particular attention to analyzing early the performance of your own and competitors' new and enhanced products -- remedial action requires compressed time to identify issues and determine best responses.
The adventure continues...
Sunday, March 30, 2008
Sunday, March 16, 2008
Build Your Own Call Center: Advise From the Field
The purpose of a call center is to receive and transmit large volumes of requests by telephone. The 'inbound' services it can provide includes administration of incoming product support or information inquiries from customers. Telemarketing and debt collection are the more common forms of 'outbound' services a call center provides.
All call centers share the same basic fundamentals: business need, processes, people, technology and a place to house them all. By now, you will agree that there is market opportunity for outsourced call center services. However, to capture that opportunity, you must first build a call center.
Location
Though seeking a prime location for the business address is not critical, a secure and well-developed infrastructure is. The center should have stable electricity source, broadband connection, and convenient access to public transportation. Because you will be operating at hours when normal shops will be closed, a pantry stocked with basic food and drinks is a must.
Technology
No one should underestimate the impact good technology has on the delivery of service. In fact, technology plays a critical role in ensuring that every call is are efficiently processed, communication is monitored and the entire service-delivery procedure constantly improves.
The typical call center has a number of workstations that include a telephone set/headset connected to a telecom switch, and one or more supervisor stations. Inbound traffic is routed via Private Branch eXchange (PBX) and Automated Call Distribution systems. Predictive dialers automate call outs of potential customers and distribute the calls to available agents. A CRM solution is needed to track each lead (opportunity). As you increase the number of agents, you will require a workforce management solution to manage recruitment and staffing. Agent performance analytics can help keep agents aware of how they are performing and maximize compliance to client expectations.
Organization
The best run call centers maintain a lean organization. Outside of the executive manager, members who will contribute to the success of the call center include the agents, a team leader (1 per 10 agents), and IT manager (1 per 30 PCs). The call center is a people business and communications is the heart of it all. A top priority of management is to ensure that agents undergo regular training since competent and engaged agents are critical to building satisfied customers and successful campaigns. Like most other services, word of mouth will help bring in new business.
Breaking the investment bank
Call center owners have varying opinion on the right proportion of spending on different call center elements. A start-up call center business with five agents will have its investment budget allocated as follows: 20 percent on hardware and software, 10 percent on communications, 55 percent on people, 10 percent facilities, and 5 percent on business development. As the business matures, the people cost (including recruiting, training and compensation) will account for 65 percent of the business.
Revenue mix
Most small call centers start their business with one or two referrals. As expertise grows, the company will begin marketing itself through memberships in industry associations and chambers of commerce. Regular visits to the target market helps to break into new markets.
In Asia, call centers frequently run campaigns travel (special tour packages and time sharing facilities), financial services (insurance, mortgage and investments), consumer product sales (ranging from luxury goods to low-value and high volume products).
About 70 percent of the business comes from US, Europe and Australia. Domestic opportunities account for 20 percent and the remaining 10 percent is from regional clients.
Telemarketing (outbound calls) represents the greatest short-term opportunity for most call centers. Most campaigns are short-term (3-6 months) and payments are usually bi-weekly. Because these are sales transaction driven, the returns are faster compared to inbound contracts (a common type being helpdesk service provisioning) which are contracted at one to three years.
Moving forward
It is relatively easy to set up a call center. Start-up capital can be small provided you do your homework. Selecting the right technology from the start will ensure that you don't waste time and resources identifying the right solution to use. Having good agents who are properly incentivized is important. Because it is a people business, you need to ensure that your agents and team leaders get regular training on best practices in customer engagements. It is a common-sense business.
As a manager and investor, put yourself in the shoes of the potential customer. If you like what you hear from the calling agent, chances are you will not mind continuing the engagement.
The financial rewards are real for those who make the effort on due diligence.
What's next?
In the next issue, we tackle the harsh reality of making your call center a business after the euphoria of the first campaign is over.
All call centers share the same basic fundamentals: business need, processes, people, technology and a place to house them all. By now, you will agree that there is market opportunity for outsourced call center services. However, to capture that opportunity, you must first build a call center.
Location
Though seeking a prime location for the business address is not critical, a secure and well-developed infrastructure is. The center should have stable electricity source, broadband connection, and convenient access to public transportation. Because you will be operating at hours when normal shops will be closed, a pantry stocked with basic food and drinks is a must.
Technology
No one should underestimate the impact good technology has on the delivery of service. In fact, technology plays a critical role in ensuring that every call is are efficiently processed, communication is monitored and the entire service-delivery procedure constantly improves.
The typical call center has a number of workstations that include a telephone set/headset connected to a telecom switch, and one or more supervisor stations. Inbound traffic is routed via Private Branch eXchange (PBX) and Automated Call Distribution systems. Predictive dialers automate call outs of potential customers and distribute the calls to available agents. A CRM solution is needed to track each lead (opportunity). As you increase the number of agents, you will require a workforce management solution to manage recruitment and staffing. Agent performance analytics can help keep agents aware of how they are performing and maximize compliance to client expectations.
Organization
The best run call centers maintain a lean organization. Outside of the executive manager, members who will contribute to the success of the call center include the agents, a team leader (1 per 10 agents), and IT manager (1 per 30 PCs). The call center is a people business and communications is the heart of it all. A top priority of management is to ensure that agents undergo regular training since competent and engaged agents are critical to building satisfied customers and successful campaigns. Like most other services, word of mouth will help bring in new business.
Breaking the investment bank
Call center owners have varying opinion on the right proportion of spending on different call center elements. A start-up call center business with five agents will have its investment budget allocated as follows: 20 percent on hardware and software, 10 percent on communications, 55 percent on people, 10 percent facilities, and 5 percent on business development. As the business matures, the people cost (including recruiting, training and compensation) will account for 65 percent of the business.
Revenue mix
Most small call centers start their business with one or two referrals. As expertise grows, the company will begin marketing itself through memberships in industry associations and chambers of commerce. Regular visits to the target market helps to break into new markets.
In Asia, call centers frequently run campaigns travel (special tour packages and time sharing facilities), financial services (insurance, mortgage and investments), consumer product sales (ranging from luxury goods to low-value and high volume products).
About 70 percent of the business comes from US, Europe and Australia. Domestic opportunities account for 20 percent and the remaining 10 percent is from regional clients.
Telemarketing (outbound calls) represents the greatest short-term opportunity for most call centers. Most campaigns are short-term (3-6 months) and payments are usually bi-weekly. Because these are sales transaction driven, the returns are faster compared to inbound contracts (a common type being helpdesk service provisioning) which are contracted at one to three years.
Moving forward
It is relatively easy to set up a call center. Start-up capital can be small provided you do your homework. Selecting the right technology from the start will ensure that you don't waste time and resources identifying the right solution to use. Having good agents who are properly incentivized is important. Because it is a people business, you need to ensure that your agents and team leaders get regular training on best practices in customer engagements. It is a common-sense business.
As a manager and investor, put yourself in the shoes of the potential customer. If you like what you hear from the calling agent, chances are you will not mind continuing the engagement.
The financial rewards are real for those who make the effort on due diligence.
What's next?
In the next issue, we tackle the harsh reality of making your call center a business after the euphoria of the first campaign is over.
Error reading data from tapes
Years ago I worked as a sales rep for Taiwan Computers, a major motherboard manufacturer in Taiwan. My customers were mainly based in Australia, Hong Kong, New Zealand and the Philippines. The more tedious parts of my job included filing import/export documents at the trade department and going to different banks to chase customer payments, mostly sent via letters of credit (LC).
Government documentation was relatively easy since there was only one department and the forms and the filing were standard. These forms are important today; logistics companies like FedEx, BAX Global and DHL will ask for these before they begin processing your order.
Processing an LC is another matter. In an ideal world, a customer places an order with a manufacturer in a foreign country, goods are shipped and payment is made. However, as most traders would attest, the industry doesn't work on trust alone. Suppliers will not manufacture and ship goods to customers halfway around the world without some assurance of payment. Buyers will not pay for a product that he has not seen nor checked against his specifications.
The key to unlocking transactions between exporters and importers is the LC, issued by a financial institution as an irrevocable guarantee of payment. Once the beneficiary has presented to the issuing or negotiating bank documents complying with the LC terms, the bank is obliged to pay irrespective of any instructions of the applicant to the contrary.
Let's say my company banks with Commercial Trust Bank (CTB) in Taiwan, which has a branch in Hong Kong. My customer is Acme Computers in Sydney. They have an account at National Australia Bank (NAB). Acme sends an order for $100,000 worth of computer parts. I agree to sell the goods and give Acme 30 days to pay, provided they send me a 60-day LC for the full amount.
Acme goes to NAB and applies for a $100,000 LC, with Taiwan Computers as the beneficiary. NAB issues the LC against Acme's account at the bank. NAB sends a copy of the LC to CTB, which notifies my company that payment is ready and we can ship the goods Acme ordered with full assurance of payment. Acme sends a letter confirming receipt of the goods. I go to CTB with all the documentations stipulated in the LC, NAB transfers the $100,000 to CTB, which then credits the account of Taiwan Computers by that amount.
"Now imagine if you have 100 customers scattered across 20 countries. Each have their own preferred bank and the payment conditions vary depending on the value of the order and the relationship with the customer," said Claire Buchanan, senior vice president of global operations at Bolero, which runs a global electronic trading platform.
Inefficiencies
There are documented cases of beneficiaries waiting as long as 30 days before getting paid even after the customer has confirmed receipt of the goods. In many cases the delays are the result of back-and-forth processing between the banks. Naturally, the banks are making money from interest, but the customer gains nothing and is meanwhile feeling the pressure on its cashflow. On top of this are the processing fees and bank commissions that will be charged.
The inefficiencies in the existing financial supply chain have been tolerated for many years simply because it was the only one that existed.
Many of the improvements on the supply chain have involve the physical elements, ranging from containerization to fulfillment management, and not the financial side.
According to management consultant Killen Associates, "a typical billion-dollar company spends approximately $27 million annually on unnecessary working capital and inefficient processing functions because they lack visibility into the financial supply chain and receivables." The total value locked up in inefficiencies associated with the global supply chain is estimated at between $500 billion to over $1 trillion.
That is because of 'performance gaps' in the financial supply chain, such as the time taken over documentation and the manual errors that arise from manual input and reconciliation.
Now companies from outside the financial sector are moving to plug those gaps. It's an opportunity keenly eyed by logistics giants such as TNT and pure play financial service providers.
"Traders on both sides of the chain are under constant pressure to identify areas where they could cut cost and improve efficiency," said Ambrose Lin, Managing Director of TNT Express Worldwide Hong Kong, an express logistics provider. "They are passing this pressure on to their logistics providers expecting value-added services that are not their core focus."
Imagine if you have a system where the information about your business is stored electronically and when you need to issue an LC, you simply connect to a service provider, identify the bank you want to deal with and provide the details of the track. The system extracts the appropriate information and electronically fills in the form. This becomes one task that allows your finance controller to see from one dashboard your financial position as it relates to the different transactions you have ongoing, including credit standing and default payment schedules. Such a system would allow you to see receivables as and when they are due via a single console.
These days, traders have options beyond traditional banks. A number of financial services organizations such as JP Morgan and Sumitomo have vastly improved their financial supply chain systems to allow complete end-to-end processing of trade transactions. Because security is of primary importance, these proprietary systems are not accessible to non-partners. What's more, these facilities are only available to large enterprises, leaving small and medium enterprises with an antiquated system that is costing them time and money.
Logistics providers are already extending their value-added services and can potentially offer transaction processing through tie-ups with multiple banks, financial service providers, such as Morgan Stanley.
"As an internationally recognized and trustworthy express service provider, TNT does not currently engage in expediting payment processing requirements of our customers. In the not too distant future, an innovative e-invoicing services will be launched and made available to all customers with account relationship with us", Lin said.
Another option for traders is a neutral, secure platform enabling paperless trading between buyers, sellers, and their logistics service and bank partners.
This is the opportunity Bolero targets, sitting between banks and international traders offering a single dashboard from which to complete a transaction for any country or bank. Bolero is a neutral secure platform enabling paperless trading between buyers, sellers, and their logistics service and bank partners.
"Our solutions integrate the physical and financial supply chains, providing visibility, predictability, accuracy and security. This delivers significant improvements in operational efficiencies and reductions in working capital," notes Buchanan.
Buchanan admits that larger banks offer similar services using proprietary systems. In the open market, she claims only Bolero has a platform built for international trade. "There are several things you have to have in place to make this work, not the least of which is security. When you have transactions that cross international borders you need a system that is not only secure but has a framework that is legally enforceable across the different countries," she adds.
However this plays out, it is clear competition is finally coming to the international financial supply chain.
Government documentation was relatively easy since there was only one department and the forms and the filing were standard. These forms are important today; logistics companies like FedEx, BAX Global and DHL will ask for these before they begin processing your order.
Processing an LC is another matter. In an ideal world, a customer places an order with a manufacturer in a foreign country, goods are shipped and payment is made. However, as most traders would attest, the industry doesn't work on trust alone. Suppliers will not manufacture and ship goods to customers halfway around the world without some assurance of payment. Buyers will not pay for a product that he has not seen nor checked against his specifications.
The key to unlocking transactions between exporters and importers is the LC, issued by a financial institution as an irrevocable guarantee of payment. Once the beneficiary has presented to the issuing or negotiating bank documents complying with the LC terms, the bank is obliged to pay irrespective of any instructions of the applicant to the contrary.
Let's say my company banks with Commercial Trust Bank (CTB) in Taiwan, which has a branch in Hong Kong. My customer is Acme Computers in Sydney. They have an account at National Australia Bank (NAB). Acme sends an order for $100,000 worth of computer parts. I agree to sell the goods and give Acme 30 days to pay, provided they send me a 60-day LC for the full amount.
Acme goes to NAB and applies for a $100,000 LC, with Taiwan Computers as the beneficiary. NAB issues the LC against Acme's account at the bank. NAB sends a copy of the LC to CTB, which notifies my company that payment is ready and we can ship the goods Acme ordered with full assurance of payment. Acme sends a letter confirming receipt of the goods. I go to CTB with all the documentations stipulated in the LC, NAB transfers the $100,000 to CTB, which then credits the account of Taiwan Computers by that amount.
"Now imagine if you have 100 customers scattered across 20 countries. Each have their own preferred bank and the payment conditions vary depending on the value of the order and the relationship with the customer," said Claire Buchanan, senior vice president of global operations at Bolero, which runs a global electronic trading platform.
Inefficiencies
There are documented cases of beneficiaries waiting as long as 30 days before getting paid even after the customer has confirmed receipt of the goods. In many cases the delays are the result of back-and-forth processing between the banks. Naturally, the banks are making money from interest, but the customer gains nothing and is meanwhile feeling the pressure on its cashflow. On top of this are the processing fees and bank commissions that will be charged.
The inefficiencies in the existing financial supply chain have been tolerated for many years simply because it was the only one that existed.
Many of the improvements on the supply chain have involve the physical elements, ranging from containerization to fulfillment management, and not the financial side.
According to management consultant Killen Associates, "a typical billion-dollar company spends approximately $27 million annually on unnecessary working capital and inefficient processing functions because they lack visibility into the financial supply chain and receivables." The total value locked up in inefficiencies associated with the global supply chain is estimated at between $500 billion to over $1 trillion.
That is because of 'performance gaps' in the financial supply chain, such as the time taken over documentation and the manual errors that arise from manual input and reconciliation.
Now companies from outside the financial sector are moving to plug those gaps. It's an opportunity keenly eyed by logistics giants such as TNT and pure play financial service providers.
"Traders on both sides of the chain are under constant pressure to identify areas where they could cut cost and improve efficiency," said Ambrose Lin, Managing Director of TNT Express Worldwide Hong Kong, an express logistics provider. "They are passing this pressure on to their logistics providers expecting value-added services that are not their core focus."
Imagine if you have a system where the information about your business is stored electronically and when you need to issue an LC, you simply connect to a service provider, identify the bank you want to deal with and provide the details of the track. The system extracts the appropriate information and electronically fills in the form. This becomes one task that allows your finance controller to see from one dashboard your financial position as it relates to the different transactions you have ongoing, including credit standing and default payment schedules. Such a system would allow you to see receivables as and when they are due via a single console.
These days, traders have options beyond traditional banks. A number of financial services organizations such as JP Morgan and Sumitomo have vastly improved their financial supply chain systems to allow complete end-to-end processing of trade transactions. Because security is of primary importance, these proprietary systems are not accessible to non-partners. What's more, these facilities are only available to large enterprises, leaving small and medium enterprises with an antiquated system that is costing them time and money.
Logistics providers are already extending their value-added services and can potentially offer transaction processing through tie-ups with multiple banks, financial service providers, such as Morgan Stanley.
"As an internationally recognized and trustworthy express service provider, TNT does not currently engage in expediting payment processing requirements of our customers. In the not too distant future, an innovative e-invoicing services will be launched and made available to all customers with account relationship with us", Lin said.
Another option for traders is a neutral, secure platform enabling paperless trading between buyers, sellers, and their logistics service and bank partners.
This is the opportunity Bolero targets, sitting between banks and international traders offering a single dashboard from which to complete a transaction for any country or bank. Bolero is a neutral secure platform enabling paperless trading between buyers, sellers, and their logistics service and bank partners.
"Our solutions integrate the physical and financial supply chains, providing visibility, predictability, accuracy and security. This delivers significant improvements in operational efficiencies and reductions in working capital," notes Buchanan.
Buchanan admits that larger banks offer similar services using proprietary systems. In the open market, she claims only Bolero has a platform built for international trade. "There are several things you have to have in place to make this work, not the least of which is security. When you have transactions that cross international borders you need a system that is not only secure but has a framework that is legally enforceable across the different countries," she adds.
However this plays out, it is clear competition is finally coming to the international financial supply chain.
Taking Some of the Headache -- and Cost -- Out of Trading Transactions
Years ago I worked as a sales rep for Taiwan Computers, a major motherboard manufacturer in Taiwan. My customers were mainly based in Australia, Hong Kong, New Zealand and the Philippines. The more tedious parts of my job included filing import/export documents at the trade department and going to different banks to chase customer payments, mostly sent via letters of credit (LC).
Government documentation was relatively easy since there was only one department and the forms and the filing were standard. These forms are important today; logistics companies like FedEx, BAX Global and DHL will ask for these before they begin processing your order.
Processing an LC is another matter. In an ideal world, a customer places an order with a manufacturer in a foreign country, goods are shipped and payment is made. However, as most traders would attest, the industry doesn't work on trust alone. Suppliers will not manufacture and ship goods to customers halfway around the world without some assurance of payment. Buyers will not pay for a product that he has not seen nor checked against his specifications.
The key to unlocking transactions between exporters and importers is the LC, issued by a financial institution as an irrevocable guarantee of payment. Once the beneficiary has presented to the issuing or negotiating bank documents complying with the LC terms, the bank is obliged to pay irrespective of any instructions of the applicant to the contrary.
Let's say my company banks with Commercial Trust Bank (CTB) in Taiwan, which has a branch in Hong Kong. My customer is Acme Computers in Sydney. They have an account at National Australia Bank (NAB). Acme sends an order for $100,000 worth of computer parts. I agree to sell the goods and give Acme 30 days to pay, provided they send me a 60-day LC for the full amount.
Acme goes to NAB and applies for a $100,000 LC, with Taiwan Computers as the beneficiary. NAB issues the LC against Acme's account at the bank. NAB sends a copy of the LC to CTB, which notifies my company that payment is ready and we can ship the goods Acme ordered with full assurance of payment. Acme sends a letter confirming receipt of the goods. I go to CTB with all the documentations stipulated in the LC, NAB transfers the $100,000 to CTB, which then credits the account of Taiwan Computers by that amount.
"Now imagine if you have 100 customers scattered across 20 countries. Each have their own preferred bank and the payment conditions vary depending on the value of the order and the relationship with the customer," said Claire Buchanan, senior vice president of global operations at Bolero, which runs a global electronic trading platform.
Inefficiencies
There are documented cases of beneficiaries waiting as long as 30 days before getting paid even after the customer has confirmed receipt of the goods. In many cases the delays are the result of back-and-forth processing between the banks. Naturally, the banks are making money from interest, but the customer gains nothing and is meanwhile feeling the pressure on its cashflow. On top of this are the processing fees and bank commissions that will be charged.
The inefficiencies in the existing financial supply chain have been tolerated for many years simply because it was the only one that existed.
Many of the improvements on the supply chain have involve the physical elements, ranging from containerization to fulfillment management, and not the financial side.
According to management consultant Killen Associates, "a typical billion-dollar company spends approximately $27 million annually on unnecessary working capital and inefficient processing functions because they lack visibility into the financial supply chain and receivables." The total value locked up in inefficiencies associated with the global supply chain is estimated at between $500 billion to over $1 trillion.
That is because of 'performance gaps' in the financial supply chain, such as the time taken over documentation and the manual errors that arise from manual input and reconciliation.
Now companies from outside the financial sector are moving to plug those gaps. It's an opportunity keenly eyed by logistics giants such as TNT and pure play financial service providers.
"Traders on both sides of the chain are under constant pressure to identify areas where they could cut cost and improve efficiency," said Ambrose Lin, Managing Director of TNT Express Worldwide Hong Kong, an express logistics provider. "They are passing this pressure on to their logistics providers expecting value-added services that are not their core focus."
Imagine if you have a system where the information about your business is stored electronically and when you need to issue an LC, you simply connect to a service provider, identify the bank you want to deal with and provide the details of the track. The system extracts the appropriate information and electronically fills in the form. This becomes one task that allows your finance controller to see from one dashboard your financial position as it relates to the different transactions you have ongoing, including credit standing and default payment schedules. Such a system would allow you to see receivables as and when they are due via a single console.
These days, traders have options beyond traditional banks. A number of financial services organizations such as JP Morgan and Sumitomo have vastly improved their financial supply chain systems to allow complete end-to-end processing of trade transactions. Because security is of primary importance, these proprietary systems are not accessible to non-partners. What's more, these facilities are only available to large enterprises, leaving small and medium enterprises with an antiquated system that is costing them time and money.
Logistics providers are already extending their value-added services and can potentially offer transaction processing through tie-ups with multiple banks, financial service providers, such as Morgan Stanley.
"As an internationally recognized and trustworthy express service provider, TNT does not currently engage in expediting payment processing requirements of our customers. In the not too distant future, an innovative e-invoicing services will be launched and made available to all customers with account relationship with us", Lin said.
Another option for traders is a neutral, secure platform enabling paperless trading between buyers, sellers, and their logistics service and bank partners.
This is the opportunity Bolero targets, sitting between banks and international traders offering a single dashboard from which to complete a transaction for any country or bank. Bolero is a neutral secure platform enabling paperless trading between buyers, sellers, and their logistics service and bank partners.
"Our solutions integrate the physical and financial supply chains, providing visibility, predictability, accuracy and security. This delivers significant improvements in operational efficiencies and reductions in working capital," notes Buchanan.
Buchanan admits that larger banks offer similar services using proprietary systems. In the open market, she claims only Bolero has a platform built for international trade. "There are several things you have to have in place to make this work, not the least of which is security. When you have transactions that cross international borders you need a system that is not only secure but has a framework that is legally enforceable across the different countries," she adds.
However this plays out, it is clear competition is finally coming to the international financial supply chain.
Government documentation was relatively easy since there was only one department and the forms and the filing were standard. These forms are important today; logistics companies like FedEx, BAX Global and DHL will ask for these before they begin processing your order.
Processing an LC is another matter. In an ideal world, a customer places an order with a manufacturer in a foreign country, goods are shipped and payment is made. However, as most traders would attest, the industry doesn't work on trust alone. Suppliers will not manufacture and ship goods to customers halfway around the world without some assurance of payment. Buyers will not pay for a product that he has not seen nor checked against his specifications.
The key to unlocking transactions between exporters and importers is the LC, issued by a financial institution as an irrevocable guarantee of payment. Once the beneficiary has presented to the issuing or negotiating bank documents complying with the LC terms, the bank is obliged to pay irrespective of any instructions of the applicant to the contrary.
Let's say my company banks with Commercial Trust Bank (CTB) in Taiwan, which has a branch in Hong Kong. My customer is Acme Computers in Sydney. They have an account at National Australia Bank (NAB). Acme sends an order for $100,000 worth of computer parts. I agree to sell the goods and give Acme 30 days to pay, provided they send me a 60-day LC for the full amount.
Acme goes to NAB and applies for a $100,000 LC, with Taiwan Computers as the beneficiary. NAB issues the LC against Acme's account at the bank. NAB sends a copy of the LC to CTB, which notifies my company that payment is ready and we can ship the goods Acme ordered with full assurance of payment. Acme sends a letter confirming receipt of the goods. I go to CTB with all the documentations stipulated in the LC, NAB transfers the $100,000 to CTB, which then credits the account of Taiwan Computers by that amount.
"Now imagine if you have 100 customers scattered across 20 countries. Each have their own preferred bank and the payment conditions vary depending on the value of the order and the relationship with the customer," said Claire Buchanan, senior vice president of global operations at Bolero, which runs a global electronic trading platform.
Inefficiencies
There are documented cases of beneficiaries waiting as long as 30 days before getting paid even after the customer has confirmed receipt of the goods. In many cases the delays are the result of back-and-forth processing between the banks. Naturally, the banks are making money from interest, but the customer gains nothing and is meanwhile feeling the pressure on its cashflow. On top of this are the processing fees and bank commissions that will be charged.
The inefficiencies in the existing financial supply chain have been tolerated for many years simply because it was the only one that existed.
Many of the improvements on the supply chain have involve the physical elements, ranging from containerization to fulfillment management, and not the financial side.
According to management consultant Killen Associates, "a typical billion-dollar company spends approximately $27 million annually on unnecessary working capital and inefficient processing functions because they lack visibility into the financial supply chain and receivables." The total value locked up in inefficiencies associated with the global supply chain is estimated at between $500 billion to over $1 trillion.
That is because of 'performance gaps' in the financial supply chain, such as the time taken over documentation and the manual errors that arise from manual input and reconciliation.
Now companies from outside the financial sector are moving to plug those gaps. It's an opportunity keenly eyed by logistics giants such as TNT and pure play financial service providers.
"Traders on both sides of the chain are under constant pressure to identify areas where they could cut cost and improve efficiency," said Ambrose Lin, Managing Director of TNT Express Worldwide Hong Kong, an express logistics provider. "They are passing this pressure on to their logistics providers expecting value-added services that are not their core focus."
Imagine if you have a system where the information about your business is stored electronically and when you need to issue an LC, you simply connect to a service provider, identify the bank you want to deal with and provide the details of the track. The system extracts the appropriate information and electronically fills in the form. This becomes one task that allows your finance controller to see from one dashboard your financial position as it relates to the different transactions you have ongoing, including credit standing and default payment schedules. Such a system would allow you to see receivables as and when they are due via a single console.
These days, traders have options beyond traditional banks. A number of financial services organizations such as JP Morgan and Sumitomo have vastly improved their financial supply chain systems to allow complete end-to-end processing of trade transactions. Because security is of primary importance, these proprietary systems are not accessible to non-partners. What's more, these facilities are only available to large enterprises, leaving small and medium enterprises with an antiquated system that is costing them time and money.
Logistics providers are already extending their value-added services and can potentially offer transaction processing through tie-ups with multiple banks, financial service providers, such as Morgan Stanley.
"As an internationally recognized and trustworthy express service provider, TNT does not currently engage in expediting payment processing requirements of our customers. In the not too distant future, an innovative e-invoicing services will be launched and made available to all customers with account relationship with us", Lin said.
Another option for traders is a neutral, secure platform enabling paperless trading between buyers, sellers, and their logistics service and bank partners.
This is the opportunity Bolero targets, sitting between banks and international traders offering a single dashboard from which to complete a transaction for any country or bank. Bolero is a neutral secure platform enabling paperless trading between buyers, sellers, and their logistics service and bank partners.
"Our solutions integrate the physical and financial supply chains, providing visibility, predictability, accuracy and security. This delivers significant improvements in operational efficiencies and reductions in working capital," notes Buchanan.
Buchanan admits that larger banks offer similar services using proprietary systems. In the open market, she claims only Bolero has a platform built for international trade. "There are several things you have to have in place to make this work, not the least of which is security. When you have transactions that cross international borders you need a system that is not only secure but has a framework that is legally enforceable across the different countries," she adds.
However this plays out, it is clear competition is finally coming to the international financial supply chain.
10 Simple Rules for Successful ERP Projects
META GROUP said that much as 75 percent of all CRM projects fail to meet their objectives and that 70 percent of ERP and SCM projects are just as appalling if not outrageous. This is because of price tags that each of these engagements can cost an enterprise.
ERP carries with it the burden of integrating the business process with IT and thus requires considerable amount of planning, customization and fine-tuning.
Below we highlight TEN rules that will help guide you through the intricacies of implementing an ERP system and hopefully see you through a successful engagement process.
Geoff Squires, Solutions Director for Asia Pacific at Intentia provides field insight into each rule.
RULE ONE: Develop a strategic vision
An ERP implementation is a business transformation process. It is therefore important to have a strategic vision for the future and develop a high-level roadmap to achieve it. The vision should have achievable targets and that the team must comprise of process and technology experts.
Geoff Squires: The key to the success of any project -- particular the highly complex, multi-site, multi-function deployments, is to continually focus on 'why' this is being done -- whether to mitigate future risk to the business, whether it is to engender improvements based on increase in revenue. All these factors need to be understood and supported from the top board level management down through the organization to ensure all buy into, and keep focused on those goals.
RULE TWO: Align project goals with organizational goals
Project goals must be aligned with the overall goals of the business. Clear project goals must be developed, articulated and used to drive the project decision-making and ultimately measure project success.
GS: The first point to note is that such projects are seldom just technology implementations. Most projects form a significant initiative that impacts the business at a management level, and also and the organization's future operational processes. As such, it's vital that the project is strictly aligned with the company's business and is properly prioritized.
RULE THREE: Establish realistic timelines
A successful, integrated ERP implementation relies on a realistic project timeline. Gathering requirements, designing and configuring the applications, testing, training, and acceptance are standard activities of a technology implementation.
GS: Although people tend to want to get things completed as fast as possible, shortcuts often create significant tensions and issues. It is critical that from the outset, realistic expectations are set -- and managed throughout -- to ensure that the business sees the project running on schedule and succeeding from beginning to end.
RULE FOUR: Staff your project with the right resources
A successful ERP project is manned by a team that represents the various business units that will be impacted by the solution. They work closely with the application specialists who will then customize the application to match the business process.
GS: This is a fundamental issue for many implementation projects. Many project teams have two tasks: to represent the real needs of the business so that the project is built around the right processes for that business; and to build 'respect' for allocated resources, by the business. If process owners are not respected, then it is hard to build respect for the project itself and the outcomes will potentially become tainted by those personal resource attributes.
RULE FIVE: Organize resources as a joint project team
An ERP project is a transformational exercise designed to improve how a company creates, builds and delivers value to its customers. As such, each member of the project team will need to work very closely with each other. To ensure the group stays focused on its goals, members should report to the project manager for the duration of the project.
GS: Once again, this is all about focusing on the ultimate goal(s). That the project is aligned towards that goal, and that people involved are prepared to unite and understand the necessary compromises that may be required across cross-functional areas -- because they are all working to that ultimate end game.
RULE SIX: Utilize cross-functional teams
Business process often cuts across functional departments within the organization. Solutions to process problems are not completely isolated to a specific department. Having a cross functional team approach to problem solving brings together people with specific knowledge, skills, objectivity and fresh perspective necessary to achieve desired improvements.
Gs: This is critical! The danger of working in 'silos' without any crossovers or integration across the team is that the business will likely find itself having to resolve functional issues down the track because the team hasn't worked together properly at the front end of a project. Ensuring project teams understand the entire configuration of a system based on cross-interaction at the start, can be pivotal in mitigating such risks.
RULE SEVEN: Let process drive system design
Successful ERP implementations are projects that are driven by the business process, and not the technology that the company purchased. Conversely, ERP projects fail because technology is allowed to rule the implementation thereby forcing organizations to completely change the way they design, manufacture or deliver products to meet the strengths and weaknesses of the ERP system being introduced into the organization.
GS: This is all about focusing on the ultimate goal(s). That the project is aligned towards that goal, and that people involved are prepared to unite and understand the necessary compromises that may be required across cross-functional areas - because they are all working to that ultimate end game."
RULE EIGHT: Eliminate substitute processes
As the name implies, a substitute process is created to cover up a weakness in the primary process. Substitutes are, by nature, temporary and meant as stop-gap measures to allow for correcting a faulty primary process. Because these are often inadequate by design, their root cause should be identified and fixed to bring back normal processes in line.
GS: Over time, businesses develop numerous processes that essentially are doing very similar or identical things. This is generally the result of organizations working within the constraints of old systems and or old cultures resistant to changes in working practices. It often occurs due to lack of understanding of what is possible at a strategic level, because the process owners are working at an operational level. In these instances, collapsing these multiple systems into one process -- but one that incorporates different variants to cope with any site-specific or unique requirements -- simplifies operations and ultimately the business.
RULE NINE: Use metrics to measure success
A successful ERP implementation will yield measurable results. These can then be used to further improve upon the processes creating a continuous improvement model. The goal of measurement is therefore to improve performance. A successful metric process needs to measure one of three different aspects of a process: cycle time, cost and first pass yield (the percent of acceptable products produced during one cycle).
GS: Quite often, a basic failure of a project can come down to a team's inability to measure the outcomes of the implementation. The most common cause of this is a failure to set benchmarks at the beginning of a project -- a baseline from which to work and compare end results to. Critical to measuring a project's value is to set high and lower KPI's at the beginning and on completion, refer back to these in order to assess realization of those expected benefits.
RULE TEN: Manage the change
The most overlooked and undervalued aspect of a technology initiative is managing the impact of organizational change. Successful ERP projects include a change management program that educate, prepare and motivate those impacted by the change so they can adapt to and succeed in the new environment. Change is always difficult but a committed leadership that is able to effectively communicate and motivate the workforce is primed to achieve the goals it has set at the onset of the ERP project.
GS: Significant changes can touch every part of an organization as the result of such projects. The response will generally fall into categories of those that will embrace change, and those that will resist it. If expectations, concerns or and difficult user acceptance are not managed adequately, it can affect the entire outcome of a project, irrespective of how successful the deployment is.
Conclusion
Organizations increasingly recognize that ERP technology provides the necessary support for efficient business processes. Only when these processes are designed to accommodate the software's functionality can the capabilities of the technology be realized.
ERP carries with it the burden of integrating the business process with IT and thus requires considerable amount of planning, customization and fine-tuning.
Below we highlight TEN rules that will help guide you through the intricacies of implementing an ERP system and hopefully see you through a successful engagement process.
Geoff Squires, Solutions Director for Asia Pacific at Intentia provides field insight into each rule.
RULE ONE: Develop a strategic vision
An ERP implementation is a business transformation process. It is therefore important to have a strategic vision for the future and develop a high-level roadmap to achieve it. The vision should have achievable targets and that the team must comprise of process and technology experts.
Geoff Squires: The key to the success of any project -- particular the highly complex, multi-site, multi-function deployments, is to continually focus on 'why' this is being done -- whether to mitigate future risk to the business, whether it is to engender improvements based on increase in revenue. All these factors need to be understood and supported from the top board level management down through the organization to ensure all buy into, and keep focused on those goals.
RULE TWO: Align project goals with organizational goals
Project goals must be aligned with the overall goals of the business. Clear project goals must be developed, articulated and used to drive the project decision-making and ultimately measure project success.
GS: The first point to note is that such projects are seldom just technology implementations. Most projects form a significant initiative that impacts the business at a management level, and also and the organization's future operational processes. As such, it's vital that the project is strictly aligned with the company's business and is properly prioritized.
RULE THREE: Establish realistic timelines
A successful, integrated ERP implementation relies on a realistic project timeline. Gathering requirements, designing and configuring the applications, testing, training, and acceptance are standard activities of a technology implementation.
GS: Although people tend to want to get things completed as fast as possible, shortcuts often create significant tensions and issues. It is critical that from the outset, realistic expectations are set -- and managed throughout -- to ensure that the business sees the project running on schedule and succeeding from beginning to end.
RULE FOUR: Staff your project with the right resources
A successful ERP project is manned by a team that represents the various business units that will be impacted by the solution. They work closely with the application specialists who will then customize the application to match the business process.
GS: This is a fundamental issue for many implementation projects. Many project teams have two tasks: to represent the real needs of the business so that the project is built around the right processes for that business; and to build 'respect' for allocated resources, by the business. If process owners are not respected, then it is hard to build respect for the project itself and the outcomes will potentially become tainted by those personal resource attributes.
RULE FIVE: Organize resources as a joint project team
An ERP project is a transformational exercise designed to improve how a company creates, builds and delivers value to its customers. As such, each member of the project team will need to work very closely with each other. To ensure the group stays focused on its goals, members should report to the project manager for the duration of the project.
GS: Once again, this is all about focusing on the ultimate goal(s). That the project is aligned towards that goal, and that people involved are prepared to unite and understand the necessary compromises that may be required across cross-functional areas -- because they are all working to that ultimate end game.
RULE SIX: Utilize cross-functional teams
Business process often cuts across functional departments within the organization. Solutions to process problems are not completely isolated to a specific department. Having a cross functional team approach to problem solving brings together people with specific knowledge, skills, objectivity and fresh perspective necessary to achieve desired improvements.
Gs: This is critical! The danger of working in 'silos' without any crossovers or integration across the team is that the business will likely find itself having to resolve functional issues down the track because the team hasn't worked together properly at the front end of a project. Ensuring project teams understand the entire configuration of a system based on cross-interaction at the start, can be pivotal in mitigating such risks.
RULE SEVEN: Let process drive system design
Successful ERP implementations are projects that are driven by the business process, and not the technology that the company purchased. Conversely, ERP projects fail because technology is allowed to rule the implementation thereby forcing organizations to completely change the way they design, manufacture or deliver products to meet the strengths and weaknesses of the ERP system being introduced into the organization.
GS: This is all about focusing on the ultimate goal(s). That the project is aligned towards that goal, and that people involved are prepared to unite and understand the necessary compromises that may be required across cross-functional areas - because they are all working to that ultimate end game."
RULE EIGHT: Eliminate substitute processes
As the name implies, a substitute process is created to cover up a weakness in the primary process. Substitutes are, by nature, temporary and meant as stop-gap measures to allow for correcting a faulty primary process. Because these are often inadequate by design, their root cause should be identified and fixed to bring back normal processes in line.
GS: Over time, businesses develop numerous processes that essentially are doing very similar or identical things. This is generally the result of organizations working within the constraints of old systems and or old cultures resistant to changes in working practices. It often occurs due to lack of understanding of what is possible at a strategic level, because the process owners are working at an operational level. In these instances, collapsing these multiple systems into one process -- but one that incorporates different variants to cope with any site-specific or unique requirements -- simplifies operations and ultimately the business.
RULE NINE: Use metrics to measure success
A successful ERP implementation will yield measurable results. These can then be used to further improve upon the processes creating a continuous improvement model. The goal of measurement is therefore to improve performance. A successful metric process needs to measure one of three different aspects of a process: cycle time, cost and first pass yield (the percent of acceptable products produced during one cycle).
GS: Quite often, a basic failure of a project can come down to a team's inability to measure the outcomes of the implementation. The most common cause of this is a failure to set benchmarks at the beginning of a project -- a baseline from which to work and compare end results to. Critical to measuring a project's value is to set high and lower KPI's at the beginning and on completion, refer back to these in order to assess realization of those expected benefits.
RULE TEN: Manage the change
The most overlooked and undervalued aspect of a technology initiative is managing the impact of organizational change. Successful ERP projects include a change management program that educate, prepare and motivate those impacted by the change so they can adapt to and succeed in the new environment. Change is always difficult but a committed leadership that is able to effectively communicate and motivate the workforce is primed to achieve the goals it has set at the onset of the ERP project.
GS: Significant changes can touch every part of an organization as the result of such projects. The response will generally fall into categories of those that will embrace change, and those that will resist it. If expectations, concerns or and difficult user acceptance are not managed adequately, it can affect the entire outcome of a project, irrespective of how successful the deployment is.
Conclusion
Organizations increasingly recognize that ERP technology provides the necessary support for efficient business processes. Only when these processes are designed to accommodate the software's functionality can the capabilities of the technology be realized.
Shared IT Keeps Airlines Aloft
Intensely competitive" best describes the airline industry where shakeouts are an ever-present threat. Airport capacity, route structures, technology and costs of leasing or buying aircraft significantly impact carriers of all sizes. Adding to the torment of airline executives are the weather, labor relations and the spiraling cost of fuel. This is an industry that has gotten used to an average 5% margin.
On average, fuel accounts for 14%-16% of an airline's total cost, with short haul flights costing more than long-haul ones because take-offs and landings consume high amounts of jet fuel. The cost of labor, including pilots, flight attendants, baggage handlers, dispatchers and customer service staff accounts for up to 40% of an airline's expense.
These forces converge to create an industry in turmoil, constantly looking for ways to cut cost, improve efficiency and maintain customer satisfaction. The arrival of competition from low-cost carriers has added further to this complexity.
Historically, an airline's operation is largely controlled by its government. The US market is viewed as one big homogeneous region and its IT infrastructure is equally homogeneous by design. European carriers are set up around traditional borders with flag carriers dominating their local turf. Because the airline business is capital intensive, governments have traditionally been owners of these national carriers.
Deregulation has helped change this approach to ownership and allowed for introduction of new players. Privately-owned regional carriers have successfully ended the dominance of national carriers. While very large carriers such as British Airways and Alitalia can afford to build and sustain their own IT infrastructure, smaller carriers have banded together and introduced the concept of shared resources - a community that shares common infrastructure.
Unlike Europe, Asia has no single dominant carrier. And because of fragmentation that is complicated by deregulation, many smaller carriers that dominate their local market suffer in other places. Like their European counterparts, large airlines like Cathay Pacific and Singapore Airlines can afford to build their own infrastructure. Everyone else has to learn to share.
"Smaller carriers depend on third parties to meet their infrastructure needs. The result is a proliferation of different technologies and environments, some sharing among themselves while others signing up outsourcing contracts with providers such as Amadeus, Sabre and SITA," said Damian Hickey, vice president of the Airline Business Group at Amadeus.
Pressures of business
Many of Asia's national carriers are state-owned, with little competition. However, this has begun to change with deregulation.
"China's upcoming 22 million middle class travelers are putting pressure on the government to modernize its fleet and enhance airport facilities. The challenge now becomes one of managing the expected growth even as operators are saddled with high operating costs, brought about by inadequate infrastructure and lack of experience in building and managing a modern airline business," notes Mark Abe, vice president of Global Transportation Group at EDS.
The rising cost of fuel and growing competition are forcing most airlines to look at ways to cut cost with information technology expected to contribute significantly to cost reduction. About 80% of the IT infrastructure is common to all carriers.
Younger airlines have the benefit of having fewer legacy systems and processes to manage. That said, they share the same problem as their larger counterparts trying to enhance their IT operational capability in the face of growth prospects - access to technology and skilled resources.
This brings to the fore the concept of a community platform where resources are shared among members of the community. The airline network industry pioneered this concept with the successful launch of SITA, a dedicated network. It was acquired by French telco Equant (now Orange Business Services) and is still used by 640 airlines today.
Outsourcing
While airlines are used to the idea of outsourcing, some still display concerns about which parts make sense to outsource and which elements should best be kept in-house.
"If you look at outsourcing, you need to understand the different types available out there. Traditional outsourcing engagements defer the operation of airline-owned assets to a third party.
A new model is slowly gaining acceptance whereby airlines lease the required IT operations from a third party who owns, operates and manages the physical asset," notes Hickey. Participating airlines are encouraged to take ownership in the community business.
With the exception of the very large carriers, few airlines can afford to build, operate and maintain their own IT infrastructure. The community model allows smaller airlines to have available at their beck and call the requisite infrastructure and services needed, and still allows them to focus on their reason for being - the business of transportation.
"We believe that the future of the airline industry is the leveraging of a common infrastructure. Between 60%-70% of the technology used in airlines is non-strategic. When you look at the economics and business issues, outsourcing starts to make economic sense," concludes Abe.
Significant variations
According to Matthew Davis, director of Consulting at American Express, "Corporate clients are traveling more, and increased globalization is leading to strong demand for long-haul air travel and hotel space at their traveler's destination. Whilst global fares are rising across the board, there are significant variations by region and event the countries within these regions."
The airline industry pioneered the concept of sharing to survive and grow. Despite being competitors, airlines have set aside their competitive egos to pool together resources to build a common platform from which everyone benefits.
The concept of community sharing lends itself beautifully to other industries like financial services, transportation, governments, and education among others. But to achieve the same success as that in the airline industry requires the creation of common standards, the agreement on a unified set of processes, and the willingness to move with the times.
The Flight Biz
There are currently 1.6 billion business and leisure travelers today, estimated to reach 2.3 billion by 2010.
Business travelers are important to airlines because they are more likely to travel several times in a year. These also tend to purchase the upgraded services that have higher margins for airlines.
Leisure travelers, on the other hand, are very price-sensitive and during periods of uncertainty will forgo their travel plans.
Although there are more travelers today than at the beginning of 2000, bottom-line growth has remained relatively modest if not flat.
The cost differential between low-cost carriers and network carriers is as high as 2 to 1, even after adjustments for pay scales, fuel prices and seat density.
Keeping Costs On The Ground
Cost control measures are now extending to outside the internal operations of an organization. Airlines are working with partners to streamline operations and reduce the cost of doing business. Among the process changes and technologies being considered are:
The full migration to electronic ticketing, mandated by the International Air Transport Association (IATA) by end of 2007.
Introduction of self-service check-in kiosks, currently hindered by lack of standards among solution vendors.
RFID technology to process baggage handling at airports.
Simplifying the creation, processing, handling and management of customer information.
All of the above changes require not just simple introduction of new technology but a change in the way partner organizations operate. But to most carriers, these are easier said than done.
On average, fuel accounts for 14%-16% of an airline's total cost, with short haul flights costing more than long-haul ones because take-offs and landings consume high amounts of jet fuel. The cost of labor, including pilots, flight attendants, baggage handlers, dispatchers and customer service staff accounts for up to 40% of an airline's expense.
These forces converge to create an industry in turmoil, constantly looking for ways to cut cost, improve efficiency and maintain customer satisfaction. The arrival of competition from low-cost carriers has added further to this complexity.
Historically, an airline's operation is largely controlled by its government. The US market is viewed as one big homogeneous region and its IT infrastructure is equally homogeneous by design. European carriers are set up around traditional borders with flag carriers dominating their local turf. Because the airline business is capital intensive, governments have traditionally been owners of these national carriers.
Deregulation has helped change this approach to ownership and allowed for introduction of new players. Privately-owned regional carriers have successfully ended the dominance of national carriers. While very large carriers such as British Airways and Alitalia can afford to build and sustain their own IT infrastructure, smaller carriers have banded together and introduced the concept of shared resources - a community that shares common infrastructure.
Unlike Europe, Asia has no single dominant carrier. And because of fragmentation that is complicated by deregulation, many smaller carriers that dominate their local market suffer in other places. Like their European counterparts, large airlines like Cathay Pacific and Singapore Airlines can afford to build their own infrastructure. Everyone else has to learn to share.
"Smaller carriers depend on third parties to meet their infrastructure needs. The result is a proliferation of different technologies and environments, some sharing among themselves while others signing up outsourcing contracts with providers such as Amadeus, Sabre and SITA," said Damian Hickey, vice president of the Airline Business Group at Amadeus.
Pressures of business
Many of Asia's national carriers are state-owned, with little competition. However, this has begun to change with deregulation.
"China's upcoming 22 million middle class travelers are putting pressure on the government to modernize its fleet and enhance airport facilities. The challenge now becomes one of managing the expected growth even as operators are saddled with high operating costs, brought about by inadequate infrastructure and lack of experience in building and managing a modern airline business," notes Mark Abe, vice president of Global Transportation Group at EDS.
The rising cost of fuel and growing competition are forcing most airlines to look at ways to cut cost with information technology expected to contribute significantly to cost reduction. About 80% of the IT infrastructure is common to all carriers.
Younger airlines have the benefit of having fewer legacy systems and processes to manage. That said, they share the same problem as their larger counterparts trying to enhance their IT operational capability in the face of growth prospects - access to technology and skilled resources.
This brings to the fore the concept of a community platform where resources are shared among members of the community. The airline network industry pioneered this concept with the successful launch of SITA, a dedicated network. It was acquired by French telco Equant (now Orange Business Services) and is still used by 640 airlines today.
Outsourcing
While airlines are used to the idea of outsourcing, some still display concerns about which parts make sense to outsource and which elements should best be kept in-house.
"If you look at outsourcing, you need to understand the different types available out there. Traditional outsourcing engagements defer the operation of airline-owned assets to a third party.
A new model is slowly gaining acceptance whereby airlines lease the required IT operations from a third party who owns, operates and manages the physical asset," notes Hickey. Participating airlines are encouraged to take ownership in the community business.
With the exception of the very large carriers, few airlines can afford to build, operate and maintain their own IT infrastructure. The community model allows smaller airlines to have available at their beck and call the requisite infrastructure and services needed, and still allows them to focus on their reason for being - the business of transportation.
"We believe that the future of the airline industry is the leveraging of a common infrastructure. Between 60%-70% of the technology used in airlines is non-strategic. When you look at the economics and business issues, outsourcing starts to make economic sense," concludes Abe.
Significant variations
According to Matthew Davis, director of Consulting at American Express, "Corporate clients are traveling more, and increased globalization is leading to strong demand for long-haul air travel and hotel space at their traveler's destination. Whilst global fares are rising across the board, there are significant variations by region and event the countries within these regions."
The airline industry pioneered the concept of sharing to survive and grow. Despite being competitors, airlines have set aside their competitive egos to pool together resources to build a common platform from which everyone benefits.
The concept of community sharing lends itself beautifully to other industries like financial services, transportation, governments, and education among others. But to achieve the same success as that in the airline industry requires the creation of common standards, the agreement on a unified set of processes, and the willingness to move with the times.
The Flight Biz
There are currently 1.6 billion business and leisure travelers today, estimated to reach 2.3 billion by 2010.
Business travelers are important to airlines because they are more likely to travel several times in a year. These also tend to purchase the upgraded services that have higher margins for airlines.
Leisure travelers, on the other hand, are very price-sensitive and during periods of uncertainty will forgo their travel plans.
Although there are more travelers today than at the beginning of 2000, bottom-line growth has remained relatively modest if not flat.
The cost differential between low-cost carriers and network carriers is as high as 2 to 1, even after adjustments for pay scales, fuel prices and seat density.
Keeping Costs On The Ground
Cost control measures are now extending to outside the internal operations of an organization. Airlines are working with partners to streamline operations and reduce the cost of doing business. Among the process changes and technologies being considered are:
The full migration to electronic ticketing, mandated by the International Air Transport Association (IATA) by end of 2007.
Introduction of self-service check-in kiosks, currently hindered by lack of standards among solution vendors.
RFID technology to process baggage handling at airports.
Simplifying the creation, processing, handling and management of customer information.
All of the above changes require not just simple introduction of new technology but a change in the way partner organizations operate. But to most carriers, these are easier said than done.
Understanding the Shift Toward Network-based Video Surveillance in Asia
Understanding the Shift Toward Network-based Video Surveillance in Asia
Threats of security continue to pervade the global market since September 11. Bombings and threats promising mayhem and destruction had led to a surge in investments around security and surveillance systems. This is fueling the change in how we capture, store, and monitor video.
According to Shivanu Shukla, an industry analyst at Frost & Sullivan "There has been strong interest in being able to remotely monitor surveillance cameras, run video analytics, and integrate surveillance with other physical security systems."
Shukla notes that network-based video surveillance systems are becoming popular. Frost estimates the video surveillance market to grow from $992.1 million in 2006 to $3956.7 million in 2013.
Analog vs. digital
Analog video surveillance systems consists of analog cameras connected via cables to multiplexers and in-turn connected to monitors and key boards. But what happens when the area that needs to be monitored is a significant distance away and there is a need to record 7x24?
Network surveillance solutions allow existing analog cameras to be connected to a video server, which is connected to the network, and monitored by any computer that is on the network, or the existing control room.
"Storage of the video can be done by network video recorders (NVRs), which can be anywhere on the network, as opposed to digital video recorders (DVRs), which need to be placed close to the cameras or the switcher/multiplexer. In a complete network surveillance solution, network cameras are used to connect directly to the IP network, without the need for an external encoder," says Shukla.
Video surveillance deployments in Asia are mostly analog based due in part to the market's price sensitivity. But this is changing as the security threats continue to remain high on radar of both commercial and the public.
Kiran Kumar, a Frost Research Associate, notes that government and transportation sectors are spearheading video surveillance deployments, with large projects for airports, city surveillance, and other critical infrastructure surveillance.
"Fast developing physical infrastructure such as airports, seaports, highways, and rail networks is a key driving force for the strong adoption for video surveillance systems," says Kumar.
There are three main factors limiting the continuing growth of analog video surveillance systems:
Cost: Set-ups and installation costs of traditional coaxial or fiber-based cabling for analog video systems over large areas is very high. Large-scale projects for city surveillance and monitoring of harbors and ports take a significant role in effecting change to network surveillance.
Scalability: Despite DVRs having improved the recording quality of analog cameras, there is still the physical restriction of its installation near the analog matrix.
Flexibility: Integration of analog video surveillance systems with other systems can be cumbersome. Analog surveillance systems are limited to centralized video analytics, which requires additional hardware, cabling and is difficult to scale.
Benefits of network surveillance
Digital technology is helping extend the capability of surveillance beyond what can be achieved with traditional systems.
Technology now allows us to monitor an area from any location in the world in real-time without any significant investment.
Storage of video can be done on NVRs that can be anywhere on the network. How much video we can store digitally is limited only by the amount of hard disk space. And because the video traverses through the network, backups can be done remotely.
Scalability of network surveillance systems is easy and inexpensive. Network cameras can be connected to the network without rewiring.
With network surveillance systems, intelligence can be distributed either directly at the camera or encoder, or centralized on the NVR or a separate server.
Network surveillance systems are cheaper to build and maintain with reusability of existing IP network infrastructure, highly scalable with little incremental costs, low maintenance costs, and ability to reuse existing legacy surveillance cameras and other display and monitoring equipment as key factors for adoption of digital surveillance techniques.
Limitations of going digital
Not everything is bright and rosy. Due to its dependence on the network, security teams will need the support of the IT department.
"The key challenge to adoption is to get the security and IT teams to adopt network surveillance. Existing network infrastructure makes the proposition of network surveillance stronger. However, organizations where such infrastructure is less developed would be slow to move to network surveillance," says Shukla.
He concedes that network surveillance adoption is changing the dynamics between the security personnel and the IT teams within enterprises, hindering its adoption rate. The introduction of network surveillance implies the participation of the IT division in security matters.
"Security personnel are typically more conservative and not open to major changes in their environments. Network surveillance adoption would depend on the successful interactions and communication between the two teams within an enterprise," notes Shukla.
Although Frost & Sullivan expects the trend towards network surveillance to be strong, adoption of analog system will continue to grow as well, albeit slower than network surveillance deployments.
"While remote access, scalability, and distributed intelligence are the key drivers for network video surveillance, price, perceived reliability, and conservative nature of security teams to change and adopt new technologies will hinder adoption," says Kumar.
Traditionally, cameras have been the point of entry for vendors into the market; subsequently their offerings include DVRs, NVRs, encoders, and software, together with switchers and multiplexers.
Increasingly, due to the emergence of network surveillance solutions, there is an effort from vendors to approach the surveillance solution from the NVR or DVR front, by offering better management software, virtual matrix systems and video content analytics as a solution package.
As traction for network video surveillance picks up in Asia Pacific, providing complete end-to-end surveillance solutions is expected to become a key to succeed in the market.
Threats of security continue to pervade the global market since September 11. Bombings and threats promising mayhem and destruction had led to a surge in investments around security and surveillance systems. This is fueling the change in how we capture, store, and monitor video.
According to Shivanu Shukla, an industry analyst at Frost & Sullivan "There has been strong interest in being able to remotely monitor surveillance cameras, run video analytics, and integrate surveillance with other physical security systems."
Shukla notes that network-based video surveillance systems are becoming popular. Frost estimates the video surveillance market to grow from $992.1 million in 2006 to $3956.7 million in 2013.
Analog vs. digital
Analog video surveillance systems consists of analog cameras connected via cables to multiplexers and in-turn connected to monitors and key boards. But what happens when the area that needs to be monitored is a significant distance away and there is a need to record 7x24?
Network surveillance solutions allow existing analog cameras to be connected to a video server, which is connected to the network, and monitored by any computer that is on the network, or the existing control room.
"Storage of the video can be done by network video recorders (NVRs), which can be anywhere on the network, as opposed to digital video recorders (DVRs), which need to be placed close to the cameras or the switcher/multiplexer. In a complete network surveillance solution, network cameras are used to connect directly to the IP network, without the need for an external encoder," says Shukla.
Video surveillance deployments in Asia are mostly analog based due in part to the market's price sensitivity. But this is changing as the security threats continue to remain high on radar of both commercial and the public.
Kiran Kumar, a Frost Research Associate, notes that government and transportation sectors are spearheading video surveillance deployments, with large projects for airports, city surveillance, and other critical infrastructure surveillance.
"Fast developing physical infrastructure such as airports, seaports, highways, and rail networks is a key driving force for the strong adoption for video surveillance systems," says Kumar.
There are three main factors limiting the continuing growth of analog video surveillance systems:
Cost: Set-ups and installation costs of traditional coaxial or fiber-based cabling for analog video systems over large areas is very high. Large-scale projects for city surveillance and monitoring of harbors and ports take a significant role in effecting change to network surveillance.
Scalability: Despite DVRs having improved the recording quality of analog cameras, there is still the physical restriction of its installation near the analog matrix.
Flexibility: Integration of analog video surveillance systems with other systems can be cumbersome. Analog surveillance systems are limited to centralized video analytics, which requires additional hardware, cabling and is difficult to scale.
Benefits of network surveillance
Digital technology is helping extend the capability of surveillance beyond what can be achieved with traditional systems.
Technology now allows us to monitor an area from any location in the world in real-time without any significant investment.
Storage of video can be done on NVRs that can be anywhere on the network. How much video we can store digitally is limited only by the amount of hard disk space. And because the video traverses through the network, backups can be done remotely.
Scalability of network surveillance systems is easy and inexpensive. Network cameras can be connected to the network without rewiring.
With network surveillance systems, intelligence can be distributed either directly at the camera or encoder, or centralized on the NVR or a separate server.
Network surveillance systems are cheaper to build and maintain with reusability of existing IP network infrastructure, highly scalable with little incremental costs, low maintenance costs, and ability to reuse existing legacy surveillance cameras and other display and monitoring equipment as key factors for adoption of digital surveillance techniques.
Limitations of going digital
Not everything is bright and rosy. Due to its dependence on the network, security teams will need the support of the IT department.
"The key challenge to adoption is to get the security and IT teams to adopt network surveillance. Existing network infrastructure makes the proposition of network surveillance stronger. However, organizations where such infrastructure is less developed would be slow to move to network surveillance," says Shukla.
He concedes that network surveillance adoption is changing the dynamics between the security personnel and the IT teams within enterprises, hindering its adoption rate. The introduction of network surveillance implies the participation of the IT division in security matters.
"Security personnel are typically more conservative and not open to major changes in their environments. Network surveillance adoption would depend on the successful interactions and communication between the two teams within an enterprise," notes Shukla.
Although Frost & Sullivan expects the trend towards network surveillance to be strong, adoption of analog system will continue to grow as well, albeit slower than network surveillance deployments.
"While remote access, scalability, and distributed intelligence are the key drivers for network video surveillance, price, perceived reliability, and conservative nature of security teams to change and adopt new technologies will hinder adoption," says Kumar.
Traditionally, cameras have been the point of entry for vendors into the market; subsequently their offerings include DVRs, NVRs, encoders, and software, together with switchers and multiplexers.
Increasingly, due to the emergence of network surveillance solutions, there is an effort from vendors to approach the surveillance solution from the NVR or DVR front, by offering better management software, virtual matrix systems and video content analytics as a solution package.
As traction for network video surveillance picks up in Asia Pacific, providing complete end-to-end surveillance solutions is expected to become a key to succeed in the market.
Hi-Tech Checks in
The information-intensive hotel industry has discovered IT is critical at all points of the business chain
Back then, making travel plans involves many processes. You call up your travel agent and she supplies you with a list of possible hotels, room availability, rates and special offers. You pick the date for the trip and confirm your hotel preference. She then makes the booking through the computer system and off you go. Behind the scenes, she sends a confirmation fax to the hotel with your details. At the receiving end, the hotel will enter your details into their computer system. When you arrive at your destination and you check-in at the front desk, the hotel staff verifies your reservations, assigns you the room and hands you the keys.
Fast forward to today. Technology has caught up with the industry. As the travel agent issues a confirmation to your hotel about your reservation, the global travel distribution system (Amadeus, Galileo, Sabre or Worldspan) will connect to the hotel's back office and make the appropriate entry, minimizing error and ensuring accuracy of customer's details.
Hotels have also adopted a more sophisticated system for tracking customer information. Hotels now use data warehouses and data mining tools to better understand their customers' individual preferences.
The Internet is used to communicate to their business partners -- travel agencies, airlines, government tourism boards, cruise liners, car rentals and global distribution channels -- and provide updates on room availability, rates and special offers.
Competition for a growing class of travel- and tech-savvy customers has forced hotels to adopt the latest technologies to ensure that partners are updated on the current hotel developments. The Internet has spawned a new segment of customers who use the Web to scout for hotel rooms and seek weekend bargains.
Key component
Chris Hartmann of global hospitality consulting firm, HVS International, said the technology used in the hotel industry has evolved. "To look at the state of technology in hotels and resorts today, it's important to understand that 'technology' today is not simply a network infrastructure, computers and the IT department. Technology is a key component of every aspect of hotel ownership. Management of, and a comfort with, today and tomorrow's technology is necessary in every department," said Hartmann, who leads technology strategies for HVS.
Technology investments require well-defined objectives aligned with overall business strategy. Whether it is a hotel redevelopment, acquiring or repositioning hotel assets, scores of decisions require technology insight and operational understanding. Failure to take into account the importance of technology at the onset will result in substantial costs associated with retro-fitting, last-minute implementations, and ongoing operational challenges resulting from poorly selected systems.
CIOs believe that the business of running an IT organization has changed significantly from what it was ten or 15 years ago. Shane Izaks, general manager, information technology at the Hong Kong and Shanghai Hotels Limited (best known as Peninsula Hotels) said to be an effective CIO today, you need to understand the business you are in to get business units to buy into your ideas.
High expectations
"You not only need to understand hardware and software from a systems point of view but from also from a business point of view. This is how IT is able to drive the business. Technology and processes have matured in complexity to the point that understanding the business is paramount to ensuring the successful integration of IT into the business. The CEO, CFO and COO have high expectations of the role that technology plays in the business of running a hotel," Izaks said.
Today's business unit manager, CEO, and his management team - CFO and COO - understand the importance of IT and expect the CIO to understand the business so that there is a tighter integration of technology into the business. The technologies today are much more complex and the resulting integration makes for a more successful alignment of technology to business.
Izaks says the question is not whether technology is sophisticated enough to match the business process "The real challenge lies in the IT team's ability to understand the interdependence of IT and business, and to build processes that would allow for the symbiotic co-existing of two different but interdependent systems," he adds.
Years ago, hotels had isolated islands of systems that didn't talk to each other. No one had a single view of the business; financial systems, CRM and bookings were on different systems that didn't talk to each other, and data was often rekeyed in to spreadsheets to make sense of it. This was the only way for hotel chains with properties located in many parts of the world to have some picture of what the overall business was like.
At that time, no-one was able to know in real-time precisely what was happening in properties within the hotel chain, how the business performed during particular periods, or was able to view and share customers' profile and service preferences.
Today, technology advances give us the ability to connect the different islands of information and enable us to understand what works, what doesn't, who customers are and what their buying patterns are. The Internet has become an accelerator for the adoption of sophisticated technology that will enable the delivery of greater customer service and higher productivity.
The Internet and VPN have allowed the connection of different systems, bringing the data back into a central repository and be able to understand what it all means, in real-time.
Lifecycles and priorities
"Those hoteliers who view technology as a cost center and afterthought to the successful operation of any property risk becoming out of touch with their customers. More dangerous, however, is that those who don't recognize and exploit today and tomorrow's technologies for their competitive advantage will quickly be overtaken by those who do," added Hartmann.
But just as Hartmann is right in his assessment of how business managers look at technology, CIOs like Izaks must continue to grapple with the issue of technology lifecycles and priorities. In good times and bad, budgets remain a constant in the life of a CIO.
Identifying the business priorities, evaluating and recommending one standard for the organization, and sticking to what's been given budget approval are part of the challenge. Advances in technology offer numerous temptations to throw out what's been approved. But most hoteliers will agree that changing the strategy mid-stream is not easily undertaken.
Technology is changing very rapidly. Things get replaced faster with each refresh and the rate of will even be faster in the future. Just as technology is an enabler of new business, it is also becoming an inhibitor. Izaks laments that the inhibitor then becomes getting the right technology into the business, even as that technology cycles through faster than our ability to integrate it in.
"This presents a challenge for the CIO: being able to identify the technology we need, as opposed to what we'd like to have, and allocating budget for it. We have a five-year budget cycle where we look at the technology we purchased last year and track its depreciation on our books. At the same time, we look at our business needs today and start preparing for technologies we might need three or four years into the future. To keep this picture top-of-mind as we work our annual budgets makes for challenging budget planning cycles."
The hotel industry, like others in the hospitality business, is in a constant state of battle readiness. The two gulf wars, SARS, avian flu, and the Asian financial crisis have forever changed the way the industry looks at its future.
The industry is accelerating the adoption of technology to reap the benefits it has to offer in the shortest possible time. The challenge for managers like Izaks is to stay abreast of the changes, keep an open mind to the future, and be prepared to lead every day, 7x24.
Convergence in a hotel suite
Thanks to the mobile phone, guests today avoid using the hotel's phone system to place international calls, causing a fall in hotel communication revenues. Because of this hoteliers have come to regard their voice communication infrastructure as a cost center rather than a profit center. In addition, with more business travelers demanding for Internet connection in the room, hotels have invested in data networking. But for how long will hotels keep spending on two different networks?
Shane Izaks believes that convergence is inevitable. "The Internet presents opportunities to introduce new ways to enhance customer experience and thus differentiate ourselves from the rest of the industry."
Communication technologies allow a certain yet needed differentiation, by offering more and more personalized services to this new wave of guests coming from China, Korea or Russia. Therefore, hoteliers are looking at building up their competitiveness by improving guest services, increase staff efficiency and maximize their return on investment.
Marc-Alexis Remond, director of marketing and business development at Alcatel, points to three beneficiaries of a converging network.
"Hotel guests want personalized services, fast answers, first call resolution and access to advanced communications and entertainment applications. Hotel staff and executives need mobility and collaborative solutions that keep them connected and available, with access to information, in real time and easy interactions with guests and colleagues.
"Everyone wants a highly reliable data and telephony solution that provides consistent user services across the enterprise while benefiting from the maximum operational cost savings for the minimum investment."
The trick is to identify the right technologies and applications and find vendor-suppliers with a strategy for deploying enterprise IP telephony solutions over any data network (LAN switches, routers, etc), whether provided by themselves or a third party. Staying with standards-based solutions will mitigate the risks of vendor lock-in.
Back then, making travel plans involves many processes. You call up your travel agent and she supplies you with a list of possible hotels, room availability, rates and special offers. You pick the date for the trip and confirm your hotel preference. She then makes the booking through the computer system and off you go. Behind the scenes, she sends a confirmation fax to the hotel with your details. At the receiving end, the hotel will enter your details into their computer system. When you arrive at your destination and you check-in at the front desk, the hotel staff verifies your reservations, assigns you the room and hands you the keys.
Fast forward to today. Technology has caught up with the industry. As the travel agent issues a confirmation to your hotel about your reservation, the global travel distribution system (Amadeus, Galileo, Sabre or Worldspan) will connect to the hotel's back office and make the appropriate entry, minimizing error and ensuring accuracy of customer's details.
Hotels have also adopted a more sophisticated system for tracking customer information. Hotels now use data warehouses and data mining tools to better understand their customers' individual preferences.
The Internet is used to communicate to their business partners -- travel agencies, airlines, government tourism boards, cruise liners, car rentals and global distribution channels -- and provide updates on room availability, rates and special offers.
Competition for a growing class of travel- and tech-savvy customers has forced hotels to adopt the latest technologies to ensure that partners are updated on the current hotel developments. The Internet has spawned a new segment of customers who use the Web to scout for hotel rooms and seek weekend bargains.
Key component
Chris Hartmann of global hospitality consulting firm, HVS International, said the technology used in the hotel industry has evolved. "To look at the state of technology in hotels and resorts today, it's important to understand that 'technology' today is not simply a network infrastructure, computers and the IT department. Technology is a key component of every aspect of hotel ownership. Management of, and a comfort with, today and tomorrow's technology is necessary in every department," said Hartmann, who leads technology strategies for HVS.
Technology investments require well-defined objectives aligned with overall business strategy. Whether it is a hotel redevelopment, acquiring or repositioning hotel assets, scores of decisions require technology insight and operational understanding. Failure to take into account the importance of technology at the onset will result in substantial costs associated with retro-fitting, last-minute implementations, and ongoing operational challenges resulting from poorly selected systems.
CIOs believe that the business of running an IT organization has changed significantly from what it was ten or 15 years ago. Shane Izaks, general manager, information technology at the Hong Kong and Shanghai Hotels Limited (best known as Peninsula Hotels) said to be an effective CIO today, you need to understand the business you are in to get business units to buy into your ideas.
High expectations
"You not only need to understand hardware and software from a systems point of view but from also from a business point of view. This is how IT is able to drive the business. Technology and processes have matured in complexity to the point that understanding the business is paramount to ensuring the successful integration of IT into the business. The CEO, CFO and COO have high expectations of the role that technology plays in the business of running a hotel," Izaks said.
Today's business unit manager, CEO, and his management team - CFO and COO - understand the importance of IT and expect the CIO to understand the business so that there is a tighter integration of technology into the business. The technologies today are much more complex and the resulting integration makes for a more successful alignment of technology to business.
Izaks says the question is not whether technology is sophisticated enough to match the business process "The real challenge lies in the IT team's ability to understand the interdependence of IT and business, and to build processes that would allow for the symbiotic co-existing of two different but interdependent systems," he adds.
Years ago, hotels had isolated islands of systems that didn't talk to each other. No one had a single view of the business; financial systems, CRM and bookings were on different systems that didn't talk to each other, and data was often rekeyed in to spreadsheets to make sense of it. This was the only way for hotel chains with properties located in many parts of the world to have some picture of what the overall business was like.
At that time, no-one was able to know in real-time precisely what was happening in properties within the hotel chain, how the business performed during particular periods, or was able to view and share customers' profile and service preferences.
Today, technology advances give us the ability to connect the different islands of information and enable us to understand what works, what doesn't, who customers are and what their buying patterns are. The Internet has become an accelerator for the adoption of sophisticated technology that will enable the delivery of greater customer service and higher productivity.
The Internet and VPN have allowed the connection of different systems, bringing the data back into a central repository and be able to understand what it all means, in real-time.
Lifecycles and priorities
"Those hoteliers who view technology as a cost center and afterthought to the successful operation of any property risk becoming out of touch with their customers. More dangerous, however, is that those who don't recognize and exploit today and tomorrow's technologies for their competitive advantage will quickly be overtaken by those who do," added Hartmann.
But just as Hartmann is right in his assessment of how business managers look at technology, CIOs like Izaks must continue to grapple with the issue of technology lifecycles and priorities. In good times and bad, budgets remain a constant in the life of a CIO.
Identifying the business priorities, evaluating and recommending one standard for the organization, and sticking to what's been given budget approval are part of the challenge. Advances in technology offer numerous temptations to throw out what's been approved. But most hoteliers will agree that changing the strategy mid-stream is not easily undertaken.
Technology is changing very rapidly. Things get replaced faster with each refresh and the rate of will even be faster in the future. Just as technology is an enabler of new business, it is also becoming an inhibitor. Izaks laments that the inhibitor then becomes getting the right technology into the business, even as that technology cycles through faster than our ability to integrate it in.
"This presents a challenge for the CIO: being able to identify the technology we need, as opposed to what we'd like to have, and allocating budget for it. We have a five-year budget cycle where we look at the technology we purchased last year and track its depreciation on our books. At the same time, we look at our business needs today and start preparing for technologies we might need three or four years into the future. To keep this picture top-of-mind as we work our annual budgets makes for challenging budget planning cycles."
The hotel industry, like others in the hospitality business, is in a constant state of battle readiness. The two gulf wars, SARS, avian flu, and the Asian financial crisis have forever changed the way the industry looks at its future.
The industry is accelerating the adoption of technology to reap the benefits it has to offer in the shortest possible time. The challenge for managers like Izaks is to stay abreast of the changes, keep an open mind to the future, and be prepared to lead every day, 7x24.
Convergence in a hotel suite
Thanks to the mobile phone, guests today avoid using the hotel's phone system to place international calls, causing a fall in hotel communication revenues. Because of this hoteliers have come to regard their voice communication infrastructure as a cost center rather than a profit center. In addition, with more business travelers demanding for Internet connection in the room, hotels have invested in data networking. But for how long will hotels keep spending on two different networks?
Shane Izaks believes that convergence is inevitable. "The Internet presents opportunities to introduce new ways to enhance customer experience and thus differentiate ourselves from the rest of the industry."
Communication technologies allow a certain yet needed differentiation, by offering more and more personalized services to this new wave of guests coming from China, Korea or Russia. Therefore, hoteliers are looking at building up their competitiveness by improving guest services, increase staff efficiency and maximize their return on investment.
Marc-Alexis Remond, director of marketing and business development at Alcatel, points to three beneficiaries of a converging network.
"Hotel guests want personalized services, fast answers, first call resolution and access to advanced communications and entertainment applications. Hotel staff and executives need mobility and collaborative solutions that keep them connected and available, with access to information, in real time and easy interactions with guests and colleagues.
"Everyone wants a highly reliable data and telephony solution that provides consistent user services across the enterprise while benefiting from the maximum operational cost savings for the minimum investment."
The trick is to identify the right technologies and applications and find vendor-suppliers with a strategy for deploying enterprise IP telephony solutions over any data network (LAN switches, routers, etc), whether provided by themselves or a third party. Staying with standards-based solutions will mitigate the risks of vendor lock-in.
Successful Financial Supply Chain Strategy: the CFO Connection
In a truly global environment, an enterprise operation extends beyond the confines of its business premises to encompass the operations of its suppliers, partners and customers. But while most organizations have learned to fine-tune their enterprise resource planning (ERP) systems, few have yet to experience the promise of their supply chain management (SCM) systems.
SCM systems have the potential to improve the three key drivers of financial performance -- growth, profitability and capital utilization. Many of today's enterprises fail to achieve these benefits because many C-level executives view SCM as a tactical back-room cost-center activity. Most SCM professionals fail to link SCM to key financial metrics because they do not speak the language of finance and are therefore unable to articulate how SCM drives financial performance. For SCM to drive performance throughout the organization, strategic and tactical decisions must be made with an enterprise-wide perspective.
"In an age of intense competition, supply chain efficiency and adaptability are not just requirements for success. They are necessities for survival," said Patricia Cheong, Regional Director, Asia at Sterling Commerce. "A recent study conducted by Accenture, Stanford, and INSEAD found that senior executives at leading companies view supply chains as critical or very important to their company and industry, and most also agreed that investments in supply chain capabilities have increased in the last three years."
Central to achieving such a transformation is the Chief Financial Officer (CFO). The CFO must take a leadership position in educating key personnel on the financial connection as he is well equipped with the financial acumen to link business processes, activities and tasks to key financial metrics achieving an enterprise-wide view.
Cheong concurs, "Driven by cost-cutting needs and general dissatisfaction with supply chain performance, CFOs are adding supply-chain management to the financial levers they already control. In the past, they have had a feeling that they have spent too much -- with too little to show for it. New technologies and architectures have emerged to make the CFO's quest for visibility and control over complex supply chain processes both possible and practical. Today, applications are available for managing the flow of orders, inventory and shipments both inside and outside an organization. These applications provide end-to-end visibility into critical supply chain events and exceptions, together with the tools to proactively balance supply and demand in real time."
Buck Devashish, SVP of Strategic Initiatives and Business Development at Sterling Commerce, looks at it differently. "In the late 80s/early 90s the CFO became all-powerful because he/she became the voice of the shareholder driving corporate returns through improved efficiency of operations and better control of the entire cash flow cycle. This was enabled in part by the entire ERP wave that came up then and helped the CFO track every item of expense incurred, and also track every asset actually owned by the corporation."
The supply chain management wave of the late 90s continuing through today is focused on maximizing value in the extended enterprise space, or multi-enterprise processes. Here, the challenge for the CFO is that several of the expenses are incurred by third parties and that inventory is often not on the books of the organization and thus out of the direct "control" of the finance executive.
The added complexity of an extended enterprise has not changed the demands on the company to deliver shareholder return. Devashish concludes that it is considered best practice for CFO to be involved in supply chain management. Best practice companies including Wal-mart and Dell have realized that the supply chain is their true sustainable differentiator today.
Dr. Stephen G. Timme, president of Finlistics Solutions and an adjunct professor at the Georgia Institute of Technology, suggests that CFOs take a top-down approach to making the financial-SCM connection. This comprises three elements:
Step 1: Calculate the Value of Gaps in Key Financial Metrics
Gaps exist between revenue, costs of goods sold and days in inventory (DII). The value of the gaps can be based on historical data, industry aggregates, benchmarks from competitors and aspirations derived from business intelligence tools. Whatever metric is used, these should be a correlation to shareholder value, should be used to reward senior managers, and are easily understood throughout the organization.
Step 2: Link Gaps in Financial Metrics to SCM Business Processes and Strategies
Each process within an organization bears a direct impact on a company's financial operation. Resulting gaps in financial metrics should be identified in specific areas of the operation to provide a better understanding of the cause-and-effect relationships between SCM activities and financial performance. For example, a gap in profitability related to percentage cost of goods sold can be mapped to an SCM-related process such as distribution and logistics. This in turn is linked to a key activity such as warehouse management, which itself is related to tasks such as receiving, putting away, pick-pack-ship operations, and to key performance indictors such as labor costs, average time per pick, and pick accuracy. A misalignment within any element of the process creates opportunities for gaps to proliferate and impact the organization's overall performance and profitability.
Step 3: Map SCM Initiatives to Financial Performance Gaps
The information obtained in the first two steps becomes the foundation for exploring SCM solutions that improve the SCM-related business processes and strategies underlying the gaps in the key financial metrics. A logical methodology for identifying specific areas of opportunities can thus be created, and a disciplined approach for estimating monetary benefits can be built.
SCM has the potential to help improve higher returns to shareholders. Improvements in SCM business processes and strategies cannot completely close financial performance gaps. But for many organizations, the improvements have a significant impact on the bottom line.
SCM systems have the potential to improve the three key drivers of financial performance -- growth, profitability and capital utilization. Many of today's enterprises fail to achieve these benefits because many C-level executives view SCM as a tactical back-room cost-center activity. Most SCM professionals fail to link SCM to key financial metrics because they do not speak the language of finance and are therefore unable to articulate how SCM drives financial performance. For SCM to drive performance throughout the organization, strategic and tactical decisions must be made with an enterprise-wide perspective.
"In an age of intense competition, supply chain efficiency and adaptability are not just requirements for success. They are necessities for survival," said Patricia Cheong, Regional Director, Asia at Sterling Commerce. "A recent study conducted by Accenture, Stanford, and INSEAD found that senior executives at leading companies view supply chains as critical or very important to their company and industry, and most also agreed that investments in supply chain capabilities have increased in the last three years."
Central to achieving such a transformation is the Chief Financial Officer (CFO). The CFO must take a leadership position in educating key personnel on the financial connection as he is well equipped with the financial acumen to link business processes, activities and tasks to key financial metrics achieving an enterprise-wide view.
Cheong concurs, "Driven by cost-cutting needs and general dissatisfaction with supply chain performance, CFOs are adding supply-chain management to the financial levers they already control. In the past, they have had a feeling that they have spent too much -- with too little to show for it. New technologies and architectures have emerged to make the CFO's quest for visibility and control over complex supply chain processes both possible and practical. Today, applications are available for managing the flow of orders, inventory and shipments both inside and outside an organization. These applications provide end-to-end visibility into critical supply chain events and exceptions, together with the tools to proactively balance supply and demand in real time."
Buck Devashish, SVP of Strategic Initiatives and Business Development at Sterling Commerce, looks at it differently. "In the late 80s/early 90s the CFO became all-powerful because he/she became the voice of the shareholder driving corporate returns through improved efficiency of operations and better control of the entire cash flow cycle. This was enabled in part by the entire ERP wave that came up then and helped the CFO track every item of expense incurred, and also track every asset actually owned by the corporation."
The supply chain management wave of the late 90s continuing through today is focused on maximizing value in the extended enterprise space, or multi-enterprise processes. Here, the challenge for the CFO is that several of the expenses are incurred by third parties and that inventory is often not on the books of the organization and thus out of the direct "control" of the finance executive.
The added complexity of an extended enterprise has not changed the demands on the company to deliver shareholder return. Devashish concludes that it is considered best practice for CFO to be involved in supply chain management. Best practice companies including Wal-mart and Dell have realized that the supply chain is their true sustainable differentiator today.
Dr. Stephen G. Timme, president of Finlistics Solutions and an adjunct professor at the Georgia Institute of Technology, suggests that CFOs take a top-down approach to making the financial-SCM connection. This comprises three elements:
Step 1: Calculate the Value of Gaps in Key Financial Metrics
Gaps exist between revenue, costs of goods sold and days in inventory (DII). The value of the gaps can be based on historical data, industry aggregates, benchmarks from competitors and aspirations derived from business intelligence tools. Whatever metric is used, these should be a correlation to shareholder value, should be used to reward senior managers, and are easily understood throughout the organization.
Step 2: Link Gaps in Financial Metrics to SCM Business Processes and Strategies
Each process within an organization bears a direct impact on a company's financial operation. Resulting gaps in financial metrics should be identified in specific areas of the operation to provide a better understanding of the cause-and-effect relationships between SCM activities and financial performance. For example, a gap in profitability related to percentage cost of goods sold can be mapped to an SCM-related process such as distribution and logistics. This in turn is linked to a key activity such as warehouse management, which itself is related to tasks such as receiving, putting away, pick-pack-ship operations, and to key performance indictors such as labor costs, average time per pick, and pick accuracy. A misalignment within any element of the process creates opportunities for gaps to proliferate and impact the organization's overall performance and profitability.
Step 3: Map SCM Initiatives to Financial Performance Gaps
The information obtained in the first two steps becomes the foundation for exploring SCM solutions that improve the SCM-related business processes and strategies underlying the gaps in the key financial metrics. A logical methodology for identifying specific areas of opportunities can thus be created, and a disciplined approach for estimating monetary benefits can be built.
SCM has the potential to help improve higher returns to shareholders. Improvements in SCM business processes and strategies cannot completely close financial performance gaps. But for many organizations, the improvements have a significant impact on the bottom line.
China's Data Center Challenges
The good news is that China has a competent labor pool from which to draw the necessary skills to build and support data center operation. The bad news is that China's data center managers face the same problems as their counterparts in developed countries like the US and Europe.
While salaries, which comprise a significant portion of IT budgets, remain low relative to those in the US, Europe, Japan or Australia, other costs are not too far off.
"Mature industries like banking are heavily dependent on technology to thrive. In these markets, data centers are built based on similar standards as those in more market markets like the US and Europe," said Jerry Yi, Senior Solutions Consultant, China Hewlett-Packard.
One significant advantage that China has over markets like Singapore and Hong Kong is the limited amount of legacy infrastructure in place. Chinese businesses that are expanding to meet domestic and international business opportunities can take advantage of new technology and not be held down by legacy applications and business processes.
China's economic boom is significantly impacting the way data centers are designed, built and operated. BUt many of these centers are still located in major business cities like Beijing, Shanghai and Guangzhou. In these locations, real estate costs are rapidly rising and data center managers need to carefully plan for space if they are to ensure effective use of prime resources.
Richard Y. Mei, Technical Manager, Systems Engineering at Commscope, notes that China's data center designers and managers can leverage best practices learned in structured cabling, cooling/heating/ventilation and lighting to enhance operational efficiency.
"The inhibitor towards successful data center design is not price but growth. Companies need to carefully plan for growth. Otherwise they will discover that the data center facility they built today will not able to meet business demands in a year's time," he said.
Raju Chellam, Asia-Pacific Vice President for AMI Partners, an international research firm, agrees. "The biggest and most common mistake among data center designers in Asia is poor planning. Lack of proper foresight and failure to pay attention to the potential of business growth is resulting in some data centers reaching capacity within a matter of 18 months. This is a waste of company resource and will definitely result in lost business opportunities as companies struggle to build new data centers or extend existing ones."
Although virtualization is reducing the number of new servers being purchased, the compact design of blade servers means that cooling and ventilation will become significant factors in data center design and operation.
"Companies need to look at advances in dynamic smart cooling technologies to cooling-over-provisioning and higher operational cost issues," adds Yi.
Mei recommends sticking to standards when selecting the core components of a data center. "It is a mistake to assume that buying cheaper cables and connectors will save you money. On the contrary, such a practice often leads to higher costs as companies eventually realize that they sacrifice reliability and scalability to save a few dollars. There are hard dollars lost when a data center goes down because of faulty cabling," argues Mei.
Another challenge facing IT managers is the issue of budgets. China's economy is booming and businesses are expanding. But IT budgets are not keeping up with the growth beyond the technology. To add pressure to the kettle, focus has remained on the cost of acquisition rather than the total cost of ownership. Unfortunately, initial purchase price is clearly visible to finance and senior management.
Two other costs often ignored in the planning stages are operational costs and implementation costs. The former includes system management, power and cooling, and the impact of system failure. These costs are difficult to quantify in detail. The latter carries a variability clause meaning additional costs will be incurred subject to delays that are cannot be accurately predicted.
Troy Syn, Managing principal APJ TSG Presales SWAT, Technology Solutions Group at HP notes that given today’s constrained IT budgets, there is a reluctance to invest capital on IT. "This has lead to a "Band Aid" approach to IT investment. However this approach has also lead to a (slowly) increasing run rate of IT costs. Given that IT is now a critical component of a company's operations, perhaps the biggest misconception that needs to be changed is that investments in IT need to be made for long term transformations," adds Syn.
Indeed, good planning, attention to detail and foresight are attributes that come with some of the best built data centers in the world. Listening to the experience of others will pay dividends very quickly.
While salaries, which comprise a significant portion of IT budgets, remain low relative to those in the US, Europe, Japan or Australia, other costs are not too far off.
"Mature industries like banking are heavily dependent on technology to thrive. In these markets, data centers are built based on similar standards as those in more market markets like the US and Europe," said Jerry Yi, Senior Solutions Consultant, China Hewlett-Packard.
One significant advantage that China has over markets like Singapore and Hong Kong is the limited amount of legacy infrastructure in place. Chinese businesses that are expanding to meet domestic and international business opportunities can take advantage of new technology and not be held down by legacy applications and business processes.
China's economic boom is significantly impacting the way data centers are designed, built and operated. BUt many of these centers are still located in major business cities like Beijing, Shanghai and Guangzhou. In these locations, real estate costs are rapidly rising and data center managers need to carefully plan for space if they are to ensure effective use of prime resources.
Richard Y. Mei, Technical Manager, Systems Engineering at Commscope, notes that China's data center designers and managers can leverage best practices learned in structured cabling, cooling/heating/ventilation and lighting to enhance operational efficiency.
"The inhibitor towards successful data center design is not price but growth. Companies need to carefully plan for growth. Otherwise they will discover that the data center facility they built today will not able to meet business demands in a year's time," he said.
Raju Chellam, Asia-Pacific Vice President for AMI Partners, an international research firm, agrees. "The biggest and most common mistake among data center designers in Asia is poor planning. Lack of proper foresight and failure to pay attention to the potential of business growth is resulting in some data centers reaching capacity within a matter of 18 months. This is a waste of company resource and will definitely result in lost business opportunities as companies struggle to build new data centers or extend existing ones."
Although virtualization is reducing the number of new servers being purchased, the compact design of blade servers means that cooling and ventilation will become significant factors in data center design and operation.
"Companies need to look at advances in dynamic smart cooling technologies to cooling-over-provisioning and higher operational cost issues," adds Yi.
Mei recommends sticking to standards when selecting the core components of a data center. "It is a mistake to assume that buying cheaper cables and connectors will save you money. On the contrary, such a practice often leads to higher costs as companies eventually realize that they sacrifice reliability and scalability to save a few dollars. There are hard dollars lost when a data center goes down because of faulty cabling," argues Mei.
Another challenge facing IT managers is the issue of budgets. China's economy is booming and businesses are expanding. But IT budgets are not keeping up with the growth beyond the technology. To add pressure to the kettle, focus has remained on the cost of acquisition rather than the total cost of ownership. Unfortunately, initial purchase price is clearly visible to finance and senior management.
Two other costs often ignored in the planning stages are operational costs and implementation costs. The former includes system management, power and cooling, and the impact of system failure. These costs are difficult to quantify in detail. The latter carries a variability clause meaning additional costs will be incurred subject to delays that are cannot be accurately predicted.
Troy Syn, Managing principal APJ TSG Presales SWAT, Technology Solutions Group at HP notes that given today’s constrained IT budgets, there is a reluctance to invest capital on IT. "This has lead to a "Band Aid" approach to IT investment. However this approach has also lead to a (slowly) increasing run rate of IT costs. Given that IT is now a critical component of a company's operations, perhaps the biggest misconception that needs to be changed is that investments in IT need to be made for long term transformations," adds Syn.
Indeed, good planning, attention to detail and foresight are attributes that come with some of the best built data centers in the world. Listening to the experience of others will pay dividends very quickly.
The Arguments for Compliance
If there is anything to be observed with IT in 2007, it is a shift in priorities. Gartner notes that for the first time in years security is no longer number one in CIOs' priorities. So what is keeping CIOs awake these days?
Compliance!
A recent survey of 350 Asia Pacific-based CIOs shows that more companies are taking on compliance projects. K. C. Yee, Vice President of Asia-Pacific for Serena Software, notes a doubling (in percentage terms) of compliance activities for the same period compared to last year.
Banks and telcos lead the way in compliance activities. What is also notable is for the first time, the source of pressure is from overseas regulators,followed by high-tech manufacturing. Regulators are no longer the only rationale for seeking compliance measures.
"Companies are realizing that meeting standards is important to the business and that industry standards have a place in a company's survival and growth," says Yee. "If you're not ISO9000, maybe companies won't buy from you. But is it a law? No country is mandated by law to be ISO9000-compliant. It's about quality. ISO9000 is like having a badge of quality. It can be a form of compliance too," he adds.
According to Serena the reason why companies take up compliance has also changed. Previously companies engaged in compliance projects do so to deal with foreign companies -- for trading purposes. Publicly traded companies in the US are demanding their suppliers to be Sarbanes-Oxley (SOX) compliant.
Yee observes that local regulations are driving more companies in the region to embrace compliance efforts. "And companies have been made aware of this. Either their constituents or their market or their governments are asking for these things. Which I think is a great sign for compliance maturity in the region," he adds.
Three's company
CEOs and CFOs worry about regulatory compliance. When you have this specter of going to jail, you start to get this sense of accountability. What has changed this year is that CIOs have started to feel accountable as well.
When you consider that CIOs are mandated to align their organization more closely with the business, a sense of accountability follows suit. CIOs are probably feeling the heat as well. The Serena survey certainly makes it clear. Whether it is external or internal forces, a higher percentage of CIOs agree that they can be held responsible today.
Can a CIO go to jail for failure to comply? For everything there is a first time.
The road to compliance
When you buy hardware or infrastructure systems you often look at performance benchmarks like 99.9999 percent uptime. The risk becomes almost nothing. But what about applications? Many organizations are starting to realize that it's about managing systems, managing quality, managing the application life cycle process. Questions about application lifecycle management are coming into fore.
"It's about getting in and being a lot more sophisticated in understanding who's responsible and why. IT systems and application systems are key factors for compliance. And this shows in how IT budgets are being allocated," notes Yee.
In 2004, Nicholas Carr, a business writer whose work centers on strategy, innovation, and technology, wrote that IT has ceased to become of value to the business because sizeable chunks of budgets are allocated to maintenance, sacrificing innovation to save money and keep systems up.
Indeed the economic down cycles of the 1990s have seen companies focus on cost control. Innovation really took a back seat as new application developments were stopped on their tracks.
Jeremy Burton, CEO and President of Serena Software, believes that the tide is changing.
Following the Enron debacle, compliance efforts took center stage and with it governance. As companies realize you can only squeeze so much blood from a stone, innovation is being seen as perhaps the answer to growth and competition.
IT budgets are on the rise (although not as fast as the business uptake). As companies refresh their systems, maintenance is taking a backseat and companies are taking a fresh stab at developing new applications to meet current and future business opportunities.
Within the arena of application development two things are converging and resulting in a dramatic shift in how companies innovate. Service-Oriented Architecture (SOA) has been around for more than five years and companies are finally beginning to understand what it really means to IT and the business.
In its early days, SOA had a hard time to find its roots. It was perceived as pure technology with no link to the business. Indeed the original SOA messaging was around software re-use. However, according to Gartner only 20 percent of all SOA-ready applications are ever re-used.
In truth SOA is about interoperability or the ability to use small applications from different sources together for a new purpose. This is its true mission. But for SOA to thrive systems must comply with standards. Governance is therefore a requisite to SOA success while lifecycle management is key to its sustainability.
Yee predicts that in the coming years companies will need to find a way to innovate. Many of these will come as a result of new applications. In the 10 years since inception SOA has matured to where we can achieve real business benefits from its use.
"SOA is change agent enabling companies to move forward with new business initiatives without the burden of legacy systems or policies to hold them down. You have to have vision to see things through and a commitment to innovate to grow," concludes Yee.
There is finally room for innovation.
Compliance!
A recent survey of 350 Asia Pacific-based CIOs shows that more companies are taking on compliance projects. K. C. Yee, Vice President of Asia-Pacific for Serena Software, notes a doubling (in percentage terms) of compliance activities for the same period compared to last year.
Banks and telcos lead the way in compliance activities. What is also notable is for the first time, the source of pressure is from overseas regulators,followed by high-tech manufacturing. Regulators are no longer the only rationale for seeking compliance measures.
"Companies are realizing that meeting standards is important to the business and that industry standards have a place in a company's survival and growth," says Yee. "If you're not ISO9000, maybe companies won't buy from you. But is it a law? No country is mandated by law to be ISO9000-compliant. It's about quality. ISO9000 is like having a badge of quality. It can be a form of compliance too," he adds.
According to Serena the reason why companies take up compliance has also changed. Previously companies engaged in compliance projects do so to deal with foreign companies -- for trading purposes. Publicly traded companies in the US are demanding their suppliers to be Sarbanes-Oxley (SOX) compliant.
Yee observes that local regulations are driving more companies in the region to embrace compliance efforts. "And companies have been made aware of this. Either their constituents or their market or their governments are asking for these things. Which I think is a great sign for compliance maturity in the region," he adds.
Three's company
CEOs and CFOs worry about regulatory compliance. When you have this specter of going to jail, you start to get this sense of accountability. What has changed this year is that CIOs have started to feel accountable as well.
When you consider that CIOs are mandated to align their organization more closely with the business, a sense of accountability follows suit. CIOs are probably feeling the heat as well. The Serena survey certainly makes it clear. Whether it is external or internal forces, a higher percentage of CIOs agree that they can be held responsible today.
Can a CIO go to jail for failure to comply? For everything there is a first time.
The road to compliance
When you buy hardware or infrastructure systems you often look at performance benchmarks like 99.9999 percent uptime. The risk becomes almost nothing. But what about applications? Many organizations are starting to realize that it's about managing systems, managing quality, managing the application life cycle process. Questions about application lifecycle management are coming into fore.
"It's about getting in and being a lot more sophisticated in understanding who's responsible and why. IT systems and application systems are key factors for compliance. And this shows in how IT budgets are being allocated," notes Yee.
In 2004, Nicholas Carr, a business writer whose work centers on strategy, innovation, and technology, wrote that IT has ceased to become of value to the business because sizeable chunks of budgets are allocated to maintenance, sacrificing innovation to save money and keep systems up.
Indeed the economic down cycles of the 1990s have seen companies focus on cost control. Innovation really took a back seat as new application developments were stopped on their tracks.
Jeremy Burton, CEO and President of Serena Software, believes that the tide is changing.
Following the Enron debacle, compliance efforts took center stage and with it governance. As companies realize you can only squeeze so much blood from a stone, innovation is being seen as perhaps the answer to growth and competition.
IT budgets are on the rise (although not as fast as the business uptake). As companies refresh their systems, maintenance is taking a backseat and companies are taking a fresh stab at developing new applications to meet current and future business opportunities.
Within the arena of application development two things are converging and resulting in a dramatic shift in how companies innovate. Service-Oriented Architecture (SOA) has been around for more than five years and companies are finally beginning to understand what it really means to IT and the business.
In its early days, SOA had a hard time to find its roots. It was perceived as pure technology with no link to the business. Indeed the original SOA messaging was around software re-use. However, according to Gartner only 20 percent of all SOA-ready applications are ever re-used.
In truth SOA is about interoperability or the ability to use small applications from different sources together for a new purpose. This is its true mission. But for SOA to thrive systems must comply with standards. Governance is therefore a requisite to SOA success while lifecycle management is key to its sustainability.
Yee predicts that in the coming years companies will need to find a way to innovate. Many of these will come as a result of new applications. In the 10 years since inception SOA has matured to where we can achieve real business benefits from its use.
"SOA is change agent enabling companies to move forward with new business initiatives without the burden of legacy systems or policies to hold them down. You have to have vision to see things through and a commitment to innovate to grow," concludes Yee.
There is finally room for innovation.
BPM: Beyond Business Intelligence
"It is an immutable law in business that words are words, explanations are explanations, promises are promises -- but only performance is reality," Harold S. Geneen, former chief executive of International Telephone and Telegraph (ITT), said.
In the face of brutal competition, fast access to the right information is said to be a key ingredient in a manager's ability to make decisions quickly. But is simply having the right information enough?
Vendors are pushing the boundaries of business intelligence tools, redesigning these to be more user friendly. The days when you need power users to print a sales report are fast ending. But running a business isn't simply about knowing the competition and the market.
Imagine a 100-meter race where every combatant finishes at exactly the same time. Would you still call it a race? Competition is defined as the act of striving against another force to achieve dominance or attain a reward or goal. A key element in any competition is the ability to measure the performance of participants either against themselves, a preset metric, or the competition (often the leader in that industry).
Enter Business Performance Management (BPM), a set of processes that help organizations optimize their business performance. It is a framework for organizing, automating and analyzing business methodologies, metrics, processes and systems that drive business performance.
"BPM is not about IT, it's not about reporting, it's not about forecasting, it's not about planning, and yet it is all of these things and more. BPM is a management tool that can be used to measure how well the business is doing and help align the activities of people and processes to achieve desired goals," explains Sheikh Manzoor Ghani, Director of Performance Management at SAS Malaysia.
When you are able to measure your performance against a set benchmark, you are able to gauge areas for improvement. BPM uses key performance indicators (KPIs) to help companies monitor efficiency of projects and employees against operational targets. Because BPM is all about tracking how processes are performing it creates a mechanism for continuous improvement.
Agents of change
Can you go for it alone? Because BPM is not a point solution -- not a product -- its implementation requires a fair bit of understanding of industry best practices, methodologies and technologies. Going for it alone creates the potential for failure.
While most companies know their operations better than anyone else, most successful introduction of BPM systems required an external agent to introduce the possibilities and help identify areas that can benefit from the solution.
"Enterprises should use external resources but always use these resources synergistically with internal processes and programs. External resources will bring in perspectives from other industries and experiences, and provide benchmarks that will be useful for setting up KPIs internally," says Deena Lawrence, Global Partner at Meritus.
"By turning to en external source, a company is able to draw upon the expertise and experience that these consultants have to set the right goals and measure the right metrics to help ensure successful use of the BPM solution in the most effective and efficient manner for their organization," says Ghani.
Common mistakes
The unknown invites mistakes. The good news is that if we learn from the mistakes of others, we have the opportunity to avoid these when it's our turn.
Ghani points to lack of understanding of internal processes as a very common mistake. "It is essential for an organization to identify its own business requirements, and to ensure that a vendor can meet those requirements," adds Ghani.
He also points out that organizations need to consider data integration and their own data analysis methods, in order to alleviate additional challenges when implementing a new system.
Lawrence warns that "blind adherence to past practices creates a false sense of 'safety' and 'correctness'. Other common mistakes include having loosely defined KPIs that may not measure key business costs (an example being marketing), lack of measure to capture organizational training (knowledge is often lost when people quit the company), and an IT infrastructure that focuses on storage, tools and reports, rather than on insight from captured data."
BPM provides visuals to allow organizations to manage and analyze KPIs, and to set benchmarks for proactive corporate planning. "The main BPM aspects to consider are KPIs, data mining, scorecards, dashboards, and of course the benefits and challenges associated with implementing a BPM solution," advises Ghani.
The right tool for the right job
You can have the best BI tools money can buy and be happy with how it helps you make business decisions. It will certainly help you make forecasts and do "what if scenarios". But it won't help you understand why you are behind the leader in the market. It will not help you track your performance to help you become better than yourself or the industry or the competition. That is the job of BPM.
Gartner warns that supporting performance management can be a daunting endeavor, given the strategic impact it can have on your organization. To succeed, it is important to understand and identify your organization's business objectives, metrics, constituents and communication approach.
Most vendors will only be able to support specific parts of a user's holistic performance management requirements. Consequently, users must define their real scope for performance management and plan to buy and build accordingly.
Sheikh Manzoor Ghani, Director of Performance Management at SAS Malaysia, points to research work done by the Hackett Group and materials from the book "The Strategy Gap" that present several best practices and plans of high-performance organizations, which are in relation to their BPM strategy.
1. Good plans answer key directional questions. High-performing organizations do not assume that Plan A will always work. Instead, they prepare alternatives in case they are needed.
2. Good plans typically address three activities -- how the organization will maintain current operations, how it will improve the efficiency of current operations, and which new ventures or initiatives the organization will implement. In this way, any change in performance can be assessed in terms of the type of activity.
3. Good plans -- and organizations -- are focused. High-performing organizations do not plan in detail. More detail does not equal more accuracy. More detail does, however, negatively affect the time available for analysis.
4. Good plans include all aspects of the business. In addition to detailing how goals will be achieved, good plans also describe how the organization can continue to be effective and generate programs into the future. Employee knowledge, customer relationships, and the culture of innovation may create the bulk of value for any organization. This is perhaps the biggest reason a general ledger cannot be used to collect and hold a performance management budget for an organization.
5. Good plans link strategies to activities. Activities in a high-performing organization are linked into a cause and effect hierarchy because the achievement of an objective is the result of doing the right things well. This way, organizations can begin to understand and can build on the true drivers of success.
6. Good plans are measurable. Objectives and strategies have measures of success, while activities have measures of implementation. In this way, the completeness of an activity can be correlated with the success of an objective.
7. Good plans include assignments for accountability. In high-performing organizations, specific people are made responsible for individual activities. They are empowered, rewarded, and have control of the resources to ensure the delivery of the activity.
8. Good plans include the recording and monitoring of assumptions. If the organization discovers that their business assumptions are incorrect, they reconsider the associated plan targets and adapt accordingly.
9. Good plans includes a Strategy Driven Approach Strategy scorecards along with their graphical representations on strategy maps provide a logical and comprehensive way to describe strategy.
10. Good plans include a Business Metrics Driven Approach KPI scorecards are most helpful for departments and teams when a strategic program already exists at a higher level as that "things that get measured get managed."
In the face of brutal competition, fast access to the right information is said to be a key ingredient in a manager's ability to make decisions quickly. But is simply having the right information enough?
Vendors are pushing the boundaries of business intelligence tools, redesigning these to be more user friendly. The days when you need power users to print a sales report are fast ending. But running a business isn't simply about knowing the competition and the market.
Imagine a 100-meter race where every combatant finishes at exactly the same time. Would you still call it a race? Competition is defined as the act of striving against another force to achieve dominance or attain a reward or goal. A key element in any competition is the ability to measure the performance of participants either against themselves, a preset metric, or the competition (often the leader in that industry).
Enter Business Performance Management (BPM), a set of processes that help organizations optimize their business performance. It is a framework for organizing, automating and analyzing business methodologies, metrics, processes and systems that drive business performance.
"BPM is not about IT, it's not about reporting, it's not about forecasting, it's not about planning, and yet it is all of these things and more. BPM is a management tool that can be used to measure how well the business is doing and help align the activities of people and processes to achieve desired goals," explains Sheikh Manzoor Ghani, Director of Performance Management at SAS Malaysia.
When you are able to measure your performance against a set benchmark, you are able to gauge areas for improvement. BPM uses key performance indicators (KPIs) to help companies monitor efficiency of projects and employees against operational targets. Because BPM is all about tracking how processes are performing it creates a mechanism for continuous improvement.
Agents of change
Can you go for it alone? Because BPM is not a point solution -- not a product -- its implementation requires a fair bit of understanding of industry best practices, methodologies and technologies. Going for it alone creates the potential for failure.
While most companies know their operations better than anyone else, most successful introduction of BPM systems required an external agent to introduce the possibilities and help identify areas that can benefit from the solution.
"Enterprises should use external resources but always use these resources synergistically with internal processes and programs. External resources will bring in perspectives from other industries and experiences, and provide benchmarks that will be useful for setting up KPIs internally," says Deena Lawrence, Global Partner at Meritus.
"By turning to en external source, a company is able to draw upon the expertise and experience that these consultants have to set the right goals and measure the right metrics to help ensure successful use of the BPM solution in the most effective and efficient manner for their organization," says Ghani.
Common mistakes
The unknown invites mistakes. The good news is that if we learn from the mistakes of others, we have the opportunity to avoid these when it's our turn.
Ghani points to lack of understanding of internal processes as a very common mistake. "It is essential for an organization to identify its own business requirements, and to ensure that a vendor can meet those requirements," adds Ghani.
He also points out that organizations need to consider data integration and their own data analysis methods, in order to alleviate additional challenges when implementing a new system.
Lawrence warns that "blind adherence to past practices creates a false sense of 'safety' and 'correctness'. Other common mistakes include having loosely defined KPIs that may not measure key business costs (an example being marketing), lack of measure to capture organizational training (knowledge is often lost when people quit the company), and an IT infrastructure that focuses on storage, tools and reports, rather than on insight from captured data."
BPM provides visuals to allow organizations to manage and analyze KPIs, and to set benchmarks for proactive corporate planning. "The main BPM aspects to consider are KPIs, data mining, scorecards, dashboards, and of course the benefits and challenges associated with implementing a BPM solution," advises Ghani.
The right tool for the right job
You can have the best BI tools money can buy and be happy with how it helps you make business decisions. It will certainly help you make forecasts and do "what if scenarios". But it won't help you understand why you are behind the leader in the market. It will not help you track your performance to help you become better than yourself or the industry or the competition. That is the job of BPM.
Gartner warns that supporting performance management can be a daunting endeavor, given the strategic impact it can have on your organization. To succeed, it is important to understand and identify your organization's business objectives, metrics, constituents and communication approach.
Most vendors will only be able to support specific parts of a user's holistic performance management requirements. Consequently, users must define their real scope for performance management and plan to buy and build accordingly.
Sheikh Manzoor Ghani, Director of Performance Management at SAS Malaysia, points to research work done by the Hackett Group and materials from the book "The Strategy Gap" that present several best practices and plans of high-performance organizations, which are in relation to their BPM strategy.
1. Good plans answer key directional questions. High-performing organizations do not assume that Plan A will always work. Instead, they prepare alternatives in case they are needed.
2. Good plans typically address three activities -- how the organization will maintain current operations, how it will improve the efficiency of current operations, and which new ventures or initiatives the organization will implement. In this way, any change in performance can be assessed in terms of the type of activity.
3. Good plans -- and organizations -- are focused. High-performing organizations do not plan in detail. More detail does not equal more accuracy. More detail does, however, negatively affect the time available for analysis.
4. Good plans include all aspects of the business. In addition to detailing how goals will be achieved, good plans also describe how the organization can continue to be effective and generate programs into the future. Employee knowledge, customer relationships, and the culture of innovation may create the bulk of value for any organization. This is perhaps the biggest reason a general ledger cannot be used to collect and hold a performance management budget for an organization.
5. Good plans link strategies to activities. Activities in a high-performing organization are linked into a cause and effect hierarchy because the achievement of an objective is the result of doing the right things well. This way, organizations can begin to understand and can build on the true drivers of success.
6. Good plans are measurable. Objectives and strategies have measures of success, while activities have measures of implementation. In this way, the completeness of an activity can be correlated with the success of an objective.
7. Good plans include assignments for accountability. In high-performing organizations, specific people are made responsible for individual activities. They are empowered, rewarded, and have control of the resources to ensure the delivery of the activity.
8. Good plans include the recording and monitoring of assumptions. If the organization discovers that their business assumptions are incorrect, they reconsider the associated plan targets and adapt accordingly.
9. Good plans includes a Strategy Driven Approach Strategy scorecards along with their graphical representations on strategy maps provide a logical and comprehensive way to describe strategy.
10. Good plans include a Business Metrics Driven Approach KPI scorecards are most helpful for departments and teams when a strategic program already exists at a higher level as that "things that get measured get managed."
The Precarious State of Security in Asia
Security is defined as the condition of being protected against danger or loss. In the Internet Age, information security has become just as valuable and important as is the physical aspects of safety.
Security remains top of mind among security business and technology executives. But how does this trickle down to users and their managers?
Enterprise Innovation conducted a survey of readers to determine the extent to which users are familiar with tools, policies and processes as it relates to security in the enterprise.
How many IT staff do you have dedicated to security?
Among 316 respondents to the survey, about 60% have a small team of between one to five persons within their IT organization to look after the security of their infrastructure. Almost 28 percent claim to have a larger team dedicated to security. Twelve percent do not have a dedicated security staff in their IT organization.
"Except for the very large organizations that truly have a dedicated security team, most so-called security experts in IT organizations actually perform several jobs, security being one of them," said Henry Ng, Professional Services Manager, Asia, Verizon Business. "Compared to the US, there are very few companies in Asia where a Chief Information Security Officer or CISO is employed to oversee the security initiatives of the company. In the organizations where such a role exists, the CISO often reports directly to the CEO rather than the CIO."
Do you struggle to consistently measure security across your enterprise?
Over 51 percent admit that they lack the ability to adequately measure security across the enterprise. Add to this the 24.6 percent of respondents who are uncertain as to how to measure security and you have a population of 75.6 percent of respondents who struggle with measuring security.
This suggests lack of internal awareness of the tools, policies and best practices to enable accurate measurement, and also implies the inability to justify further investments in security beyond basic security tools like anti-virus software, intrusion detection and intrusion prevention solutions.
How do you measure security? Some point solution vendors measure this by the number of incidents that are tracked and/or stopped at the door.
Ng says that his team is often invited to meet customers to solve specific security problems. "When it comes to security, most organizations act in response to specific events. Only a few, and mostly those from very large enterprises headquartered in the US or Europe, have a security strategy beyond the basics," Ng adds.
Can you effectively demonstrate risk reduction and an improved security posture?
The simplest way to demonstrate risk reduction is by keeping your anti-virus software updated. Most corporate users have this process automated for them by IT. As soon as a user logs in to the network, the client anti-virus software scans the server for any updates. Surprisingly only 38.6 percent of respondents claim to be able to demonstrate this posture.
Andrew Walls, Research Director on Security, Risk & Privacy at Gartner, says the only way to demonstrate risk reduction and security performance is to have an effective Security Information and Event Management (SIEM) program.
Gartner research has identified strong benefits in the level of security assurance and the containment of security costs produced through a well-managed SIEM program.
Walls warns that the metrics must be driven by business priorities with the raw metrics (gathered from technical security systems and processes) analyzed and translated into business terminology.
Do you need assistance or support for internal or external audits?
A little over 41 percent believe they need assistance with regards to internal or external audits. Over 42 percent claim they don't need support while almost 15 percent remain uncertain.
On the subject of international standards for information security, Walls notes that Asia tends to be less transparent concerning policies, processes and standards. "The tendency of Asian organizations to avoid exposing internal security practices in public setting leads to some conflicts when western organizations seek to perform security risk assessments and compliance audits. The lack of transparency is often interpreted as a lack of security enforcement within the organization which can lead to adverse audits," he adds.
Do you have to adhere to standards such as Payment Card Data Security Standard, ISO 27001 or others?
Only 20.5 percent of respondents confirm they comply with specific security standards. The standards with the most mentions are ISO 27001 and BS7799.
Close to 54 percent believe they are not mandated to comply with any security standards. Over a quarter of the survey respondents are uncertain whether their organizations should support any standard at all.
It is human nature that we operate in reactive mode, particularly when it comes to security. It should not surprise us that the aftermath of September 11, 2001, companies were scrambling to assess and deploy security policies and processes. Likewise, after the Boxing Day earthquake in Taiwan on December 26, 2006 that knocked out the undersea communication cables, people scrambled to figure out if their systems were compromised.
Do you have a structured process or methodology for managing enterprise-wide security initiatives?
Having a structured process for managing enterprise-wide security initiatives is a rarity in Asia Pacific. Not surprisingly only 26.3 percent of respondents claim they have a structured methodology for securing the organization. Many more (38.2 percent) believe they don't while a worrying 35.6 percent are uncertain if such a process exists at all.
The remaining two groups total 73.8 percent - a figure which should be a cause for concern for regulatory bodies and an opportunity for security experts seeking to offer their services to the market.
Are you confident of how to prioritize security efforts and allocate resources?
The ability to prioritize implies knowledge. The survey respondents clearly underestimate the size and complexity of executing security policies and strategies. About 45 percent of respondents claim they are confident they know how to prioritize security initiatives and allocate resources.
In reality, based on discussions with experts this is often not the case. It is possible that this perception is largely in the belief that security is nothing more than deploying a combination of anti-virus, intrusion detection and prevention solutions.
Do you find your existing security controls effective in protecting you against threats, worms and viruses?
The majority (61.9 percent) of respondents believe that their current setup is effective in controlling breaches caused by worms and viruses. They say it was over confidence that spelt the demise of Napoleon
Only a minority (17.9 percent) are pessimistic about their infrastructure's ability to contain and counter threats and a slightly higher percentage (20.3%) remain uncertain as to the effectiveness of their security initiatives.
Do you have third party validation or certification to provide or meet compliance requirements?
The confidence of respondents as to the effectiveness of their security initiative is dampened by the inability to actively measure or validate the effectiveness of security measures as it relates to meeting compliance requirements.
Only 35.7 percent of respondents have third party validation process in place. Forty-four percent do not use external organizations and this may be substantiated by the 42.7 percent who don't use an external auditor to check their security posture and the 53.9 percent who do not need to comply with any standards.
The remaining 20.3 percent are not sure if their organization are using third parties to conduct certification.
Numerous third party certifications are available in the market for all sorts of security processes. "However, they are only valuable as proof of compliance if the certification is based on the regular assessment of all security practices that are relevant to the standard being applied. The quality of the assessment is totally dependent on the issues raised above: transparency and maturity," warns Walls.
According to Walls, if an organization is not fully transparent during a certification assessment, they may receive the certification but then fail a compliance audit. Transparency is an absolute necessity if your organization is seriously dedicated to managing security risk.
"If the security program does not have well-documented and consistently enforced policies, standards and procedures, then the certification will be based on hearsay and personal assurances by staff. This will not be sufficient to pass a compliance audit," explains Walls.
Compliance is easy if you have a mature and transparent security program with effective metrics. If you do not have these, audits will always be a struggle.
Market Analysis
How much are companies spending on security solutions? According to IDC, $2.9 billion were spent on IT security solution across Asia Pacific (excluding Japan) in 2006. This number is expected to nearly double to $5.9 billion by 2011.
The IDC Asia/Pacific Communication Study of 2006 showed that "Introduction of viruses" was the top threat by a large margin. This signals that despite the maturation of the secure content management (SCM) technology (which includes antivirus, web-filtering and messaging security); viruses are still considered a very real threat to the enterprise IT infrastructure.
This is followed by "corruption or replication of data" and "external hacking". It is also noteworthy that "employee sabotage" also made it high on the list as the enterprises in APEJ have traditionally focused on perimeter defense, or what is commonly known as the strategy to "keep the bad stuff out".
This result shows that many enterprises now realize that there is a need to put in place controls to "keep the good stuff in" too.
Willie Low, IDC Senior Market Analyst of the Asia/Pacific Infrastructure Software Research, says viruses, worms, Trojan horses and other malware will continue to be top of mind issues for end-users. "However, the increasing use of RSS feeds, mashups, blogging, Web 2.0 and other interactive technologies at work will introduce new security challenges to many IT managers and not many organizations are prepared for that," he warns.
"It is no coincidence that we are seeing numerous information protection and control solutions (data loss prevention systems being a type of IPC solution) being introduced to the market lately. We can expect to see more in the coming months," concludes Low.
According to Gartner, the top 3 security issues or initiatives for 2008 in Asia are:
New approaches to IT delivery are exploding into the market. Software as a Service, Virtualization, On Demand Infrastructure, Managed Services, Social Networks, Grid computing and Virtual Worlds can provide enormous benefits in terms of performance and cost, but they also require new approaches to security. To get the benefits companies need to move aggressively to improve their security operation.
The rising prominence of organized crime in network-based attacks is creating new, more focused and effective attack strategies. Mitigation of this threat can only be achieved through a responsive, coordinated and enterprise-wide security program.
IT initiatives continue to take place without sufficient, early involvement of security in the design process. It costs far more to secure a system that is about to be deployed than it costs to secure a system that is about to be designed!
Conclusion
Walls warns that it is impossible to generalize across all of Asia the quality of security practices. He reminds us that as with other areas of business operations, different communities have advanced more rapidly than others due to a variety of factors.
"In general, deployment of security policies, processes and methodologies is performed well in the principal financial centers in Asia, such as Hong Kong, Singapore, Kuala Lumpur, Beijing and Shanghai. The need for security activities is driven by the risk appetite of the business leaders of a company. As organizations grow in size, they tend to become more conservative and risk averse. As a result they demand higher levels of security assurance," observes Walls.
It is therefore natural that companies in financial centers have higher levels of security activities than other industries.
In 2006, Chinatrust Commercial Bank (CCB) conducted a comprehensive examination of its information security environment. The exercise culminated in the company achieving Cybertrust Security Management Program (SMP) certification.
According to Chang Ruu-tian, executive vice president of Chinatrust Commercial Bank, "CCB was able to thoroughly reinforce its information security management program with expertise that help pinpoint weaknesses of existing external information systems, track records of improvements and examine the underlying causes of the problems."
The result is a clean bill of health the bank uses to position itself as one of the most secure financial institutions in Taiwan.
Ng suggests that successful security initiatives have several characteristics that ensure they survive beyond the discussion tables (whether at the Boardroom or at the war room where execution begins). "The approach can only be holistic - no piece meal tactical approach can survive long. It must have a starting baseline from which success or failure can be measured against. Initiatives need to be reviewed regularly against prevailing (and perhaps even speculative) conditions," concludes Ng.
Walls offers five best practices in creating and deploying a security initiative:
Understand the business priorities that are driving the initiative.
Determine how you will measure the success or failure of the initiative and negotiate these metrics with the business stakeholders
Prioritize vendors that have local support organizations to assist with design, deployment and management
Involve business leaders and users in the deployment plan to obtain organizational support
Call high, call wide, call often! Make sure that everyone from the CEO down are aware of their role in the initiative and are regularly updated on progress.
Whichever you want to listen to, you have to begin and that time should be yesterday.
Security remains top of mind among security business and technology executives. But how does this trickle down to users and their managers?
Enterprise Innovation conducted a survey of readers to determine the extent to which users are familiar with tools, policies and processes as it relates to security in the enterprise.
How many IT staff do you have dedicated to security?
Among 316 respondents to the survey, about 60% have a small team of between one to five persons within their IT organization to look after the security of their infrastructure. Almost 28 percent claim to have a larger team dedicated to security. Twelve percent do not have a dedicated security staff in their IT organization.
"Except for the very large organizations that truly have a dedicated security team, most so-called security experts in IT organizations actually perform several jobs, security being one of them," said Henry Ng, Professional Services Manager, Asia, Verizon Business. "Compared to the US, there are very few companies in Asia where a Chief Information Security Officer or CISO is employed to oversee the security initiatives of the company. In the organizations where such a role exists, the CISO often reports directly to the CEO rather than the CIO."
Do you struggle to consistently measure security across your enterprise?
Over 51 percent admit that they lack the ability to adequately measure security across the enterprise. Add to this the 24.6 percent of respondents who are uncertain as to how to measure security and you have a population of 75.6 percent of respondents who struggle with measuring security.
This suggests lack of internal awareness of the tools, policies and best practices to enable accurate measurement, and also implies the inability to justify further investments in security beyond basic security tools like anti-virus software, intrusion detection and intrusion prevention solutions.
How do you measure security? Some point solution vendors measure this by the number of incidents that are tracked and/or stopped at the door.
Ng says that his team is often invited to meet customers to solve specific security problems. "When it comes to security, most organizations act in response to specific events. Only a few, and mostly those from very large enterprises headquartered in the US or Europe, have a security strategy beyond the basics," Ng adds.
Can you effectively demonstrate risk reduction and an improved security posture?
The simplest way to demonstrate risk reduction is by keeping your anti-virus software updated. Most corporate users have this process automated for them by IT. As soon as a user logs in to the network, the client anti-virus software scans the server for any updates. Surprisingly only 38.6 percent of respondents claim to be able to demonstrate this posture.
Andrew Walls, Research Director on Security, Risk & Privacy at Gartner, says the only way to demonstrate risk reduction and security performance is to have an effective Security Information and Event Management (SIEM) program.
Gartner research has identified strong benefits in the level of security assurance and the containment of security costs produced through a well-managed SIEM program.
Walls warns that the metrics must be driven by business priorities with the raw metrics (gathered from technical security systems and processes) analyzed and translated into business terminology.
Do you need assistance or support for internal or external audits?
A little over 41 percent believe they need assistance with regards to internal or external audits. Over 42 percent claim they don't need support while almost 15 percent remain uncertain.
On the subject of international standards for information security, Walls notes that Asia tends to be less transparent concerning policies, processes and standards. "The tendency of Asian organizations to avoid exposing internal security practices in public setting leads to some conflicts when western organizations seek to perform security risk assessments and compliance audits. The lack of transparency is often interpreted as a lack of security enforcement within the organization which can lead to adverse audits," he adds.
Do you have to adhere to standards such as Payment Card Data Security Standard, ISO 27001 or others?
Only 20.5 percent of respondents confirm they comply with specific security standards. The standards with the most mentions are ISO 27001 and BS7799.
Close to 54 percent believe they are not mandated to comply with any security standards. Over a quarter of the survey respondents are uncertain whether their organizations should support any standard at all.
It is human nature that we operate in reactive mode, particularly when it comes to security. It should not surprise us that the aftermath of September 11, 2001, companies were scrambling to assess and deploy security policies and processes. Likewise, after the Boxing Day earthquake in Taiwan on December 26, 2006 that knocked out the undersea communication cables, people scrambled to figure out if their systems were compromised.
Do you have a structured process or methodology for managing enterprise-wide security initiatives?
Having a structured process for managing enterprise-wide security initiatives is a rarity in Asia Pacific. Not surprisingly only 26.3 percent of respondents claim they have a structured methodology for securing the organization. Many more (38.2 percent) believe they don't while a worrying 35.6 percent are uncertain if such a process exists at all.
The remaining two groups total 73.8 percent - a figure which should be a cause for concern for regulatory bodies and an opportunity for security experts seeking to offer their services to the market.
Are you confident of how to prioritize security efforts and allocate resources?
The ability to prioritize implies knowledge. The survey respondents clearly underestimate the size and complexity of executing security policies and strategies. About 45 percent of respondents claim they are confident they know how to prioritize security initiatives and allocate resources.
In reality, based on discussions with experts this is often not the case. It is possible that this perception is largely in the belief that security is nothing more than deploying a combination of anti-virus, intrusion detection and prevention solutions.
Do you find your existing security controls effective in protecting you against threats, worms and viruses?
The majority (61.9 percent) of respondents believe that their current setup is effective in controlling breaches caused by worms and viruses. They say it was over confidence that spelt the demise of Napoleon
Only a minority (17.9 percent) are pessimistic about their infrastructure's ability to contain and counter threats and a slightly higher percentage (20.3%) remain uncertain as to the effectiveness of their security initiatives.
Do you have third party validation or certification to provide or meet compliance requirements?
The confidence of respondents as to the effectiveness of their security initiative is dampened by the inability to actively measure or validate the effectiveness of security measures as it relates to meeting compliance requirements.
Only 35.7 percent of respondents have third party validation process in place. Forty-four percent do not use external organizations and this may be substantiated by the 42.7 percent who don't use an external auditor to check their security posture and the 53.9 percent who do not need to comply with any standards.
The remaining 20.3 percent are not sure if their organization are using third parties to conduct certification.
Numerous third party certifications are available in the market for all sorts of security processes. "However, they are only valuable as proof of compliance if the certification is based on the regular assessment of all security practices that are relevant to the standard being applied. The quality of the assessment is totally dependent on the issues raised above: transparency and maturity," warns Walls.
According to Walls, if an organization is not fully transparent during a certification assessment, they may receive the certification but then fail a compliance audit. Transparency is an absolute necessity if your organization is seriously dedicated to managing security risk.
"If the security program does not have well-documented and consistently enforced policies, standards and procedures, then the certification will be based on hearsay and personal assurances by staff. This will not be sufficient to pass a compliance audit," explains Walls.
Compliance is easy if you have a mature and transparent security program with effective metrics. If you do not have these, audits will always be a struggle.
Market Analysis
How much are companies spending on security solutions? According to IDC, $2.9 billion were spent on IT security solution across Asia Pacific (excluding Japan) in 2006. This number is expected to nearly double to $5.9 billion by 2011.
The IDC Asia/Pacific Communication Study of 2006 showed that "Introduction of viruses" was the top threat by a large margin. This signals that despite the maturation of the secure content management (SCM) technology (which includes antivirus, web-filtering and messaging security); viruses are still considered a very real threat to the enterprise IT infrastructure.
This is followed by "corruption or replication of data" and "external hacking". It is also noteworthy that "employee sabotage" also made it high on the list as the enterprises in APEJ have traditionally focused on perimeter defense, or what is commonly known as the strategy to "keep the bad stuff out".
This result shows that many enterprises now realize that there is a need to put in place controls to "keep the good stuff in" too.
Willie Low, IDC Senior Market Analyst of the Asia/Pacific Infrastructure Software Research, says viruses, worms, Trojan horses and other malware will continue to be top of mind issues for end-users. "However, the increasing use of RSS feeds, mashups, blogging, Web 2.0 and other interactive technologies at work will introduce new security challenges to many IT managers and not many organizations are prepared for that," he warns.
"It is no coincidence that we are seeing numerous information protection and control solutions (data loss prevention systems being a type of IPC solution) being introduced to the market lately. We can expect to see more in the coming months," concludes Low.
According to Gartner, the top 3 security issues or initiatives for 2008 in Asia are:
New approaches to IT delivery are exploding into the market. Software as a Service, Virtualization, On Demand Infrastructure, Managed Services, Social Networks, Grid computing and Virtual Worlds can provide enormous benefits in terms of performance and cost, but they also require new approaches to security. To get the benefits companies need to move aggressively to improve their security operation.
The rising prominence of organized crime in network-based attacks is creating new, more focused and effective attack strategies. Mitigation of this threat can only be achieved through a responsive, coordinated and enterprise-wide security program.
IT initiatives continue to take place without sufficient, early involvement of security in the design process. It costs far more to secure a system that is about to be deployed than it costs to secure a system that is about to be designed!
Conclusion
Walls warns that it is impossible to generalize across all of Asia the quality of security practices. He reminds us that as with other areas of business operations, different communities have advanced more rapidly than others due to a variety of factors.
"In general, deployment of security policies, processes and methodologies is performed well in the principal financial centers in Asia, such as Hong Kong, Singapore, Kuala Lumpur, Beijing and Shanghai. The need for security activities is driven by the risk appetite of the business leaders of a company. As organizations grow in size, they tend to become more conservative and risk averse. As a result they demand higher levels of security assurance," observes Walls.
It is therefore natural that companies in financial centers have higher levels of security activities than other industries.
In 2006, Chinatrust Commercial Bank (CCB) conducted a comprehensive examination of its information security environment. The exercise culminated in the company achieving Cybertrust Security Management Program (SMP) certification.
According to Chang Ruu-tian, executive vice president of Chinatrust Commercial Bank, "CCB was able to thoroughly reinforce its information security management program with expertise that help pinpoint weaknesses of existing external information systems, track records of improvements and examine the underlying causes of the problems."
The result is a clean bill of health the bank uses to position itself as one of the most secure financial institutions in Taiwan.
Ng suggests that successful security initiatives have several characteristics that ensure they survive beyond the discussion tables (whether at the Boardroom or at the war room where execution begins). "The approach can only be holistic - no piece meal tactical approach can survive long. It must have a starting baseline from which success or failure can be measured against. Initiatives need to be reviewed regularly against prevailing (and perhaps even speculative) conditions," concludes Ng.
Walls offers five best practices in creating and deploying a security initiative:
Understand the business priorities that are driving the initiative.
Determine how you will measure the success or failure of the initiative and negotiate these metrics with the business stakeholders
Prioritize vendors that have local support organizations to assist with design, deployment and management
Involve business leaders and users in the deployment plan to obtain organizational support
Call high, call wide, call often! Make sure that everyone from the CEO down are aware of their role in the initiative and are regularly updated on progress.
Whichever you want to listen to, you have to begin and that time should be yesterday.
Subscribe to:
Posts (Atom)
